Penetration Testing mailing list archives

Re: WebScarab .NET SSL Error


From: Danux <danuxx () gmail com>
Date: Wed, 4 Jun 2008 12:46:18 -0500

Thanks to all,

Well, I resolved it using the excellent Firefox extension called
Firebug, which updates the form elements on the fly, like maxlength.
It's excellent, because in this case, as I told you, I was not able to
use a proxy like WebScarab or Acunetix, nor able to create my own page
and just submit the form to the CGI, but with Firebug the website does
not know the page was altered because the change was on the client
side through JavaScript.

Thanks to all once again.

On Tue, Jun 3, 2008 at 10:31 AM, Maxime Ducharme
<mducharme () cybergeneration com> wrote:


Hi Danux

I suggest that you try this Firefox extension:

- TamperData: http://tamperdata.mozdev.org/

Another interesting one I didn't try yet:
https://addons.mozilla.org/en-US/firefox/addon/2691

HTH

Maxime



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
behalf of Danux
Sent: 30 May 2008 05:37
To: pen-test () securityfocus com
Subject: WebScarab .NET SSL Error

Hi Friends,

I am testing a .NET SSL-enabled web application, and I discovered a
possible SQL injection. Then, because of the lack of space in the input
field of the form, I started trying to use a proxy like WebScarab or
Acunetix, but after submitting the request through these proxies the
application stops responding and I am not able to inject any code.
I think it could be because of .NET certificate trust validation. If so,
do you know how to bypass this issue?

Have you ever been able to test an HTTPS .NET application through a proxy?

Thanks in advance.

--
Danux

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------







-- 
Danux, CISSP, OSCP, ISO27001
Offensive Security Consultant
Macula Security Consulting Group
www.macula-group.com
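
The thread turns on a form field whose only length limit was the client-side maxlength attribute. As an added example (not code from the thread or from the application that was tested), here is a server-side handler that re-checks the length itself and binds the value as a query parameter. The table, the field name and the 20-character limit are assumptions.

```python
import sqlite3

MAX_USERNAME_LEN = 20  # assumed limit; repeats the form's maxlength on the server


class ValidationError(ValueError):
    """Raised when a submitted field violates a server-side rule."""


def open_demo_db():
    # Constructed sample data, held in memory so the example runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db


def lookup_user(db, form):
    """Handle a submitted form (dict of field -> value) as the server sees it.

    The browser's maxlength is advisory: the value arriving here may have any
    length, so the limit is checked again before the value is used.
    """
    username = form.get("username")
    if not isinstance(username, str) or not username:
        raise ValidationError("username is required")
    if len(username) > MAX_USERNAME_LEN:
        raise ValidationError("username exceeds %d characters" % MAX_USERNAME_LEN)
    # Bound parameter: the value is data, never part of the SQL text, so input
    # that passes the length check still cannot change the query.
    return db.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


if __name__ == "__main__":
    db = open_demo_db()
    print(lookup_user(db, {"username": "alice"}))
    print(lookup_user(db, {"username": "' OR '1'='1"}))  # treated as a literal name
    try:
        lookup_user(db, {"username": "a" * 200})  # maxlength edited away client-side
    except ValidationError as exc:
        print("rejected:", exc)
```

The length check alone does not stop injection and the bound parameter alone does not enforce the field's limits, so the handler keeps both.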
