Penetration Testing mailing list archives
[PEN-TEST] Scanning Web Proxy -- Preliminary Concept
From: Philip Stoev <philip () STOEV ORG>
Date: Thu, 14 Dec 2000 23:50:08 +0200
Hello,

I am not certain if this is the proper list to post to, however I would like to bring to your attention an idea of mine (no code yet). Any feedback, including yells like "We already did something like that!", is highly appreciated.

http://www.stoev.org/proxy/preliminary-concept.html

The purpose of the proposed scanning web proxy is to analyze all HTTP request-reply pairs that pass through it for the purpose of finding security vulnerabilities in the web sites being visited (i.e. weak cookies, plain-text passwords stored in hidden form fields, etc.), using the browsing human user as a vehicle allowing the scanner to peek into the internals of the web site (such as the portions of the site that are behind the log-in page).

Please note that the proposed software is not meant to find vulnerabilities in its clients, nor is it meant to protect its clients from Trojans/viruses, or whatever.

Again, any feedback is highly appreciated, even if flames. Please forward this announcement to other people or groups you may consider relevant.

Sincerely,
Philip Stoev
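A minimal sketch of the passive analysis the post proposes, added here as an illustration and not code from the original post or its author (the post states there was no code yet): it inspects one reply for hidden form fields with password-like names and for cookies with short or numeric values or missing flags. The function names, the name pattern, the 16-character threshold, the flag checks and the sample reply are assumptions constructed for this example.

```python
import re
from html.parser import HTMLParser

# Assumed heuristic: field names that suggest a credential.
SENSITIVE_NAME = re.compile(r"pass|pwd|secret", re.I)

class HiddenFieldScanner(HTMLParser):
    """Collects hidden <input> fields whose name suggests a credential."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "input" and a.get("type", "").lower() == "hidden":
            if SENSITIVE_NAME.search(a.get("name", "")) and a.get("value"):
                self.findings.append(f"hidden field '{a['name']}' carries a value")

def check_cookie(set_cookie):
    """Flag one Set-Cookie value: guessable-looking value or missing flags."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name, _, value = parts[0].partition("=")
    flags = {p.split("=")[0].lower() for p in parts[1:]}
    out = []
    if value.isdigit() or len(value) < 16:  # assumed threshold
        out.append(f"cookie '{name}' value is short or numeric")
    out += [f"cookie '{name}' lacks {f}" for f in ("secure", "httponly") if f not in flags]
    return out

def analyze_reply(url, headers, body):
    """Passively inspect one reply seen by the proxy; nothing is sent to the site."""
    findings = []
    for key, value in headers:
        if key.lower() == "set-cookie":
            findings += check_cookie(value)
    scanner = HiddenFieldScanner()
    scanner.feed(body)
    return [f"{url}: {msg}" for msg in findings + scanner.findings]

# Constructed sample reply (not captured from any real site).
SAMPLE_HEADERS = [
    ("Set-Cookie", "SESSIONID=1042; Path=/"),
    ("Set-Cookie", "auth=9f2c4e7ab1d84c0e93a6f5d2; Secure; HttpOnly"),
]
SAMPLE_BODY = ('<form method="post" action="/account">'
               '<input type="hidden" name="user_password" value="hunter2">'
               '<input type="hidden" name="step" value="2"></form>')

if __name__ == "__main__":
    for line in analyze_reply("http://shop.example/account", SAMPLE_HEADERS, SAMPLE_BODY):
        print(line)
```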