WebApp Sec mailing list archives
RE: New version of Exodus available
From: "Dawes, Rogan (ZA - Johannesburg)" <rdawes () deloitte co za>
Date: Wed, 18 Jun 2003 07:45:28 +0200
Er. Yes. Sorry. I'll fix it to not do that in future. Sorry
-----Original Message----- From: Tim Yohn [mailto:tyohn () alabanza com] Sent: 17 June 2003 07:35 PM To: Dawes, Rogan (ZA - Johannesburg); webappsec () securityfocus com Subject: Re: New version of Exodus available All, I'd like to point out one little thing that *everyone* that tries this product should be aware of. It takes a directory as a command line argument, then procedes to delete (without prompting) anything in that directory, no matter what it is... Maybe a little prompting here would be nice, at least a warning that everything was going to be deleted instead of just going and removing everything... The documentation on the website provided only states the following: "Run exodus with a command like : java -jar exodus.jar directoryname where directoryname is a directory that exodus should use to store the conversations seen. If no parameter is passed, exodus will not save any analysis at this point. The directory need not exist, but the name should end with a slash (appropriate for the platform)" Tim. On Tuesday 17 June 2003 02:35 am, Dawes, Rogan (ZA - Johannesburg) wrote:Hi folks, Following on from the discussion about editing form fields,etc, I wouldlike to announce a new version of Exodus. Exodus is a Java Swing application that provides a HTTP andHTTPS proxyfacility, allowing the operator to view and/or interceptand modify any andall conversations between the browser and the server. Exodus has significant functionality in terms ofvisualising the targetsite's structure, automatically fetching unseen links,extracting comments,forms and scripts from HTML responses, and submitting"known-bad" values toforms to test error handling. Exodus is available from http://mysite.mweb.co.za/residents/rdawes/exodus.html All feedback is welcome. Rogan -- "Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench." - Gene Spafford -- Deloitte & Touche Security Services Group Tel: +27(11)806-6216 Fax: +27(11)806-5202 Cell:+27(82)784-9498
Important Notice: This email is subject to important restrictions, qualifications and disclaimers ("the Disclaimer") that must be accessed and read by clicking here or by copying and pasting the following address into your Internet browser's address bar: http://www.Deloitte.co.za/Disc.htm. The Disclaimer is deemed to form part of the content of this email in terms of Section 11 of the Electronic Communications and Transactions Act, 25 of 2002. If you cannot access the Disclaimer, please obtain a copy thereof from us by sending an email to ClientServiceCentre () Deloitte co za.
Current thread:
- New version of Exodus available Dawes, Rogan (ZA - Johannesburg) (Jun 17)
- Re: New version of Exodus available Tim Yohn (Jun 17)
- <Possible follow-ups>
- RE: New version of Exodus available Dawes, Rogan (ZA - Johannesburg) (Jun 18)