WebApp Sec mailing list archives
Advanced techniques with "exodus proxy"
From: "Ralph M. Los" <Ralph () boundariez com>
Date: Sat, 23 Aug 2003 00:07:08 -0400
'ello all,

Just curious to see if anyone has a good write-up on dirty hacks, or methods one can accomplish with Exodus Proxy. I audit internal applications for our enterprise almost daily, and I always run into the same things, XSS, session manipulation, logic subversion, etc...but it's all using the automated AppScan (Sanctum, Inc)...I'd like to be able to duplicate all those manually with Exodus. I know the basic functions, intercepts, etc...but I was hoping for some documentation on how YOU'VE used it?

The biggest thing I try and fail with is SQL injection into our Oracle servers. Different app teams use different frameworks to talk through to Oracle...but I'm trying to come up with a way where I can stop getting jdbc errors, and start retrieving Oracle data....ideas?

I'm also trying to do a POC on pushing a malicious login page to harvest passwords, through XSS into a simple app.

Thanks in advance,
./Wiz