Penetration Testing mailing list archives
RE: Flash Web Application
From: "PortSwigger" <mail () portswigger net>
Date: Fri, 5 Feb 2010 16:24:03 -0000
With Burp, you can get rid of the browser certificate warnings if you wish, by installing Burp's CA certificate in your browser. Burp generates a new CA certificate on installation, and creates a valid certificate for each domain you visit, signed by the CA cert. Further details, and instructions for installing the CA cert, can be found here: http://portswigger.net/proxy/servercerts.html Cheers PortSwigger -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Todd Haverkos Sent: 04 February 2010 12:32 To: Zaki Akhmad Cc: pen-test () securityfocus com Subject: Re: Flash Web Application Zaki Akhmad <zakiakhmad () gmail com> writes:
On Thu, Jan 28, 2010 at 7:35 PM, David Howe <David.Howe () ansgroup co uk>
wrote:
You can use webscarab to snoop on the web traffic and/or extract secondary loads more easily.Can I see the traffic with webscarab if the site is using https connection?
Hi Zaki, Yes. Webscarab presents its own certificate to your browser so you will get a warning of your intentional man in the middle attack against your own https connection. Burp, Fiddler2, Charles, Paros and the other interactive proxies all work relatively similarly in this regard. Best Regards, -- Todd Haverkos, LPT MsCompE http://haverkos.com/ ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Flash Web Application, (continued)
- Re: Flash Web Application Zaki Akhmad (Feb 03)
- Re: Flash Web Application Steve Pinkham (Feb 03)
- Re: Flash Web Application Zaki Akhmad (Feb 03)
- Re: Flash Web Application lovewadhwa (Feb 03)
- Re: Flash Web Application Zaki Akhmad (Feb 03)
- Re: Flash Web Application David Howe (Feb 03)
- Re: Flash Web Application Zaki Akhmad (Feb 03)
- Re: Flash Web Application David Howe (Feb 05)
- Re: Flash Web Application Zaki Akhmad (Feb 05)
- Re: Flash Web Application David Howe (Feb 03)
- Re: Flash Web Application Todd Haverkos (Feb 05)
- RE: Flash Web Application PortSwigger (Feb 07)