WebApp Sec mailing list archives

Advanced techniques with "exodus proxy"


From: "Ralph M. Los" <Ralph () boundariez com>
Date: Sat, 23 Aug 2003 00:07:08 -0400

'ello all,
        Just curious to see if anyone has a good write-up on dirty
hacks, or methods one can accomplish with Exodus Proxy.  I audit
internal applications for our enterprise almost daily, and I always run
into the same things, XSS, session manipulation, logic subversion,
etc...but it's all using the automated AppScan (Sanctum, Inc)...I'd like
to be able to duplicate all those manually with Exodus.  I know the
basic functions, intercepts, etc...but I was hoping for some
documentation on how YOU'VE used it?

        The biggest thing I try and fail with is SQL injection into our
Oracle servers.  Different app teams use different frameworks to talk
through to Oracle...but I'm trying to come up with a way where I can
stop getting jdbc errors, and start retrieving Oracle data....ideas?
I'm also trying to do a POC on pushing a malicious login page to harvest
passwords, through XSS into a simple app.

Thanks in advance,
 ./Wiz

