Penetration Testing mailing list archives
reg protocol based pen-testing
From: Mayank-Bhatnagar <mayank () ncb ernet in>
Date: Thu, 9 Oct 2003 17:16:23 +0530 (IST)
hi folks, well, with the current discussion going on with penetration testig webservers...I would like to add my own issues...... There are "prtocol scrubbers"(some jargon for these tools) exisiting which analyse session/packet details for that particular protocol.say for example its HTTP protocol, then a HTTP protocol scrubber would check whether the packets, messages are comlying with HTTP ie well formed or not.....these techniques are mainly applied in many IDS systems...... 1) I wanted to know how does these type of tools work....what methodology they apply....on what basis they check HTTP traffic......some examples would definitely be helpful...... 2) Whether the working of such tools really help building pen testing tools for webservers..... thanks Mayank --------------------------------------------------------------------------- Tired of constantly searching the web for the latest exploits? Tired of using 300 different tools to do one job? Get CORE IMPACT and get some rest. www.coresecurity.com/promos/sf_ept2 ----------------------------------------------------------------------------
Current thread:
- reg protocol based pen-testing Mayank-Bhatnagar (Oct 09)