Vulnerability Development mailing list archives
Scanning Web Proxy -- Preliminary Concept
From: Philip Stoev <philip () STOEV ORG>
Date: Thu, 14 Dec 2000 23:34:03 +0200
Hello, I am not certain if this is the proper list to post to, however I would like to bring about to your attention an idea of mine (no code yet). Any feedback, including yells like "We already did something like that!" are highly appreciated. http://www.stoev.org/proxy/preliminary-concept.html The purpose of the proposed scanning web proxy is to analyze all HTTP request-reply pairs that pass through it for the purpose of finding security vulnerabilities in the web sites being visited (i.e. weak cookies, plain-text passwords stored in hidden form fields, etc.), using the browsing human user as a vehicle allowing the scanner to peek into the internals of the web site (such as the portions of the site that are behind the log-in page). Please note that the proposed software is not meant to find vulnerabilities in its clients, nor it is meant to protect its clients from Trojans/viruses, or whatever. Again, any feedback is highly appreciated, even if flames. Please forward this announcements to other people or groups you may consider relevant. Sincerely, Philip Stoev
Current thread:
- Scanning Web Proxy -- Preliminary Concept Philip Stoev (Dec 15)
- Re: Scanning Web Proxy -- Preliminary Concept Bluefish (P.Magnusson) (Dec 17)
- Re: Scanning Web Proxy -- Preliminary Concept R. DuFresne (Dec 17)
- Re: Scanning Web Proxy -- Preliminary Concept Ory Segal (Dec 18)
- <Possible follow-ups>
- Re: Scanning Web Proxy -- Preliminary Concept Sahlberg, Jeremiah (Dec 20)