RE: Looking for a POST statement Sniffer

["Dawes, Rogan (ZA - Johannesburg)" <rdawes () deloitte co za>]

Hi,

There are a bunch of programs that offer the ability to snoop on HTTP and
HTTPS traffic. One recent poster mentioned Paros, which was recently
updated. I have also developed Exodus
(http://home.intekom.co.za/rdawes/exodus.html), and there are a bunch of
alternatives listed on that page that can also do what you are looking for.

Finally, have a look at the OWASP project's WebScarab (the future of Exodus)
at http://sourceforge.net/projects/owasp/ which is coming along in leaps and
bounds. I suggest getting the latest version from CVS, since I have made
significant changes to it since the last file release. I will be packaging a
new release soon.

Rogan

> -----Original Message-----
> From: Andy Talbot [mailto:atalbot () sli co im] 
> Sent: 15 September 2003 04:27 PM
> To: webappsec () securityfocus com
> Subject: Looking for a POST statement Sniffer
>
>
> Hi Everyone
>
> It's been a long time since I've required the ability to sniff POST
> statements and the application I used many time ago has since 
> died on my
> last machine (I think I used the proxy server included in one 
> of Compuware's
> QA testing suite products to catch URL POST Statements).
>
> This requirement has arisen from a new web development within 
> our Extranet,
> developed in Flash 5 with asp. As the URL's statements are 
> not publicly
> visible in the address bar (they are passed transparently 
> within the flash
> movie), I require a reliable method of catching the post 
> statements sent
> from my client PC to my Websever, so I can check our current security
> measures.
>
> Ideally I'm looking for a free and reliable method of 
> achieving this! If you
> guys could recommend something suitable to me this would be much
> appreciated.
>
> Many Thanks
> Andy Talbot
> IT Developer / Analyst Programmer
>
>
>
> ==============================================================
> =============================
>
> The information in this e-mail is confidential and may be legally
> privileged.  It is intended solely for the addressee and 
> access to this
> e-mail by anyone else is unauthorised.
>
> If you are not the intended recipient, any disclosure, 
> copying, distribution
> or any action taken or omitted to be taken in reliance on it 
> is prohibited
> and may be unlawful.
>
> At present the integrity of e-mail across the Internet cannot 
> be guaranteed
> and messages sent via this medium are potentially at risk.  
> Therefore we
> will not accept liability for any claims arising as a result 
> of the use of
> this medium to transmit messages by or to the Scottish Life 
> International
> group of companies.
>
> The Scottish Life International group of companies is owned 
> by Royal London.
>
> Scottish Life International Investment Group who provides 
> marketing services is a Royal London company which is 
> regulated by the Financial Services Authority for UK 
> investment business and only promotes the investment, life 
> assurance and pensions products of the Royal London marketing group.
> Registered Office: 19 St Andrew Square, Edinburgh EH2 1YE, 
> United Kingdom.
> Registered in Scotland No. 166387.
>
> Scottish Life International Insurance Company Limited, a 
> Royal London company, is the Isle of Man based product 
> provider of life assurance and investment products of the 
> Royal London marketing group. Scottish Life International 
> Insurance Company Limited is authorised by the Isle of Man 
> Government Insurance and Pensions Authority. A member of the 
> Association of International Life Offices.  Registered in the 
> Isle of Man Number 076981C.  Registered Office: Exchange 
> House, 54-58 Athol Street, Douglas,
> Isle of Man IM1 1JD, British Isles.
>
> Scottish International Fund Managers Limited, a Royal London 
> company, is licensed to conduct investment business as a 
> Category 3 licenceholder by the Isle of Man Financial 
> Supervision Commission under the Investment Business Act 
> 1991.  Registered in the Isle of Man number 89411C.  
> Registered address: 54-58 Athol Street, Douglas, Isle of Man, 
> IM1 1JD, British Isles.

Important Notice: This email is subject to important restrictions, qualifications and disclaimers ("the Disclaimer") 
that must be accessed and read by clicking here or by copying and pasting the following address into your Internet 
browser's address bar: http://www.Deloitte.co.za/Disc.htm. The Disclaimer is deemed to form part of the content of this 
email in terms of Section 11 of the Electronic Communications and Transactions Act, 25 of 2002. If you cannot access 
the Disclaimer, please obtain a copy thereof from us by sending an email to ClientServiceCentre () Deloitte co za.