Penetration Testing mailing list archives
Re: WebScarab .NET SSL Error
From: Danux <danuxx () gmail com>
Date: Wed, 4 Jun 2008 12:46:18 -0500
Thanks to all, Well, i resolve it using the excellent extension of Firefox call Firebug which updates de form elements on the fly, like maxlength. its excellent, because in this case as i told you i was not able to use a proxy like webscarab or acunetix nor able to create my own page and just submit the form to the cgi, but with firebug the WebSite does not know the page was altered because the change was on the client side through java script. Thanks to all once again. On Tue, Jun 3, 2008 at 10:31 AM, Maxime Ducharme <mducharme () cybergeneration com> wrote:
Hi Danux I suggest that you try this Firefox extension : - TamperData : http://tamperdata.mozdev.org/ Another interesting I didn't tried yet : https://addons.mozilla.org/en-US/firefox/addon/2691 HTH Maxime -----Message d'origine----- De : listbounce () securityfocus com [mailto:listbounce () securityfocus com] De la part de Danux Envoyé : 30 mai 2008 05:37 À : pen-test () securityfocus com Objet : WebScarab .NET SSL Error Hi Friends, I am testing a .NET-SSL enabled web application, and i discovered a possible SQL Injection, then because of lack of space in the input field of the form, i start trying to use a Proxy like WebScarab or Acunetix, but after submit the request through this proxies the application stops responding and i am not able to inject any code. I think could be because of .NET certificate trust validation, if so? Do you know how to bypass this issue? Have you ever been able to test an https .NET application through a Proxy? Thanks in Advanced. -- Danux ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Find out now! Get Webinar Recording and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
-- Danux, CISSP, OSCP, ISO27001 Offensive Security Consultant Macula Security Consulting Group www.macula-group.com ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Find out now! Get Webinar Recording and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Re: WebScarab .NET SSL Error Zed Qyves (Jun 02)
- <Possible follow-ups>
- RE: WebScarab .NET SSL Error Maxime Ducharme (Jun 03)
- Re: WebScarab .NET SSL Error Danux (Jun 04)
- Re: WebScarab .NET SSL Error kevin horvath (Jun 04)
- Message not available
- Message not available
- Re: WebScarab .NET SSL Error Danux (Jun 10)
- Re: WebScarab .NET SSL Error Danux (Jun 04)