RE: Looking for a POST statement Sniffer

[Tom Arseneault <TArseneault () counterpane com>]

You can use Snort (www.snort.org) to do this. It has the added attraction of
being very flexible in what you search for, though it's learning curve may
be steeper than you want.

Thomas J. Arseneault 
Security Engineer
Counterpane Internet Security
tarseneault () counterpane com

-----Original Message-----
From: Andy Talbot [mailto:atalbot () sli co im]
Sent: Monday, September 15, 2003 7:27 AM
To: webappsec () securityfocus com
Subject: Looking for a POST statement Sniffer


Hi Everyone

It's been a long time since I've required the ability to sniff POST
statements and the application I used many time ago has since died on my
last machine (I think I used the proxy server included in one of Compuware's
QA testing suite products to catch URL POST Statements).

This requirement has arisen from a new web development within our Extranet,
developed in Flash 5 with asp. As the URL's statements are not publicly
visible in the address bar (they are passed transparently within the flash
movie), I require a reliable method of catching the post statements sent
from my client PC to my Websever, so I can check our current security
measures.

Ideally I'm looking for a free and reliable method of achieving this! If you
guys could recommend something suitable to me this would be much
appreciated.

Many Thanks
Andy Talbot
IT Developer / Analyst Programmer



============================================================================
===============

The information in this e-mail is confidential and may be legally
privileged.  It is intended solely for the addressee and access to this
e-mail by anyone else is unauthorised.

If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it is prohibited
and may be unlawful.

At present the integrity of e-mail across the Internet cannot be guaranteed
and messages sent via this medium are potentially at risk.  Therefore we
will not accept liability for any claims arising as a result of the use of
this medium to transmit messages by or to the Scottish Life International
group of companies.

The Scottish Life International group of companies is owned by Royal London.

Scottish Life International Investment Group who provides marketing services
is a Royal London company which is regulated by the Financial Services
Authority for UK investment business and only promotes the investment, life
assurance and pensions products of the Royal London marketing group.
Registered Office: 19 St Andrew Square, Edinburgh EH2 1YE, United Kingdom.
Registered in Scotland No. 166387.

Scottish Life International Insurance Company Limited, a Royal London
company, is the Isle of Man based product provider of life assurance and
investment products of the Royal London marketing group. Scottish Life
International Insurance Company Limited is authorised by the Isle of Man
Government Insurance and Pensions Authority. A member of the Association of
International Life Offices.  Registered in the Isle of Man Number 076981C.
Registered Office: Exchange House, 54-58 Athol Street, Douglas,
Isle of Man IM1 1JD, British Isles.

Scottish International Fund Managers Limited, a Royal London company, is
licensed to conduct investment business as a Category 3 licenceholder by the
Isle of Man Financial Supervision Commission under the Investment Business
Act 1991.  Registered in the Isle of Man number 89411C.  Registered address:
54-58 Athol Street, Douglas, Isle of Man, IM1 1JD, British Isles.