Penetration Testing mailing list archives
Re: Flash Web Application
From: Todd Haverkos <infosec () haverkos com>
Date: Thu, 04 Feb 2010 06:32:09 -0600
Zaki Akhmad <zakiakhmad () gmail com> writes:
On Thu, Jan 28, 2010 at 7:35 PM, David Howe <David.Howe () ansgroup co uk> wrote:You can use webscarab to snoop on the web traffic and/or extract secondary loads more easily.Can I see the traffic with webscarab if the site is using https connection?
Hi Zaki, Yes. Webscarab presents its own certificate to your browser so you will get a warning of your intentional man in the middle attack against your own https connection. Burp, Fiddler2, Charles, Paros and the other interactive proxies all work relatively similarly in this regard. Best Regards, -- Todd Haverkos, LPT MsCompE http://haverkos.com/ ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Flash Web Application david lodge (Feb 02)
- Re: Flash Web Application Zaki Akhmad (Feb 03)
- Re: Flash Web Application Steve Pinkham (Feb 03)
- <Possible follow-ups>
- Re: Flash Web Application Zaki Akhmad (Feb 03)
- Re: Flash Web Application lovewadhwa (Feb 03)
- Re: Flash Web Application Zaki Akhmad (Feb 03)
- Re: Flash Web Application David Howe (Feb 03)
- Re: Flash Web Application Zaki Akhmad (Feb 03)
- Re: Flash Web Application David Howe (Feb 05)
- Re: Flash Web Application Zaki Akhmad (Feb 05)
- Re: Flash Web Application David Howe (Feb 03)
- Re: Flash Web Application Todd Haverkos (Feb 05)
- RE: Flash Web Application PortSwigger (Feb 07)