WebApp Sec mailing list archives
RE: Looking for a POST statement Sniffer
From: "Dawes, Rogan (ZA - Johannesburg)" <rdawes () deloitte co za>
Date: Tue, 16 Sep 2003 09:17:35 +0200
Hi, There are a bunch of programs that offer the ability to snoop on HTTP and HTTPS traffic. One recent poster mentioned Paros, which was recently updated. I have also developed Exodus (http://home.intekom.co.za/rdawes/exodus.html), and there are a bunch of alternatives listed on that page that can also do what you are looking for. Finally, have a look at the OWASP project's WebScarab (the future of Exodus) at http://sourceforge.net/projects/owasp/ which is coming along in leaps and bounds. I suggest getting the latest version from CVS, since I have made significant changes to it since the last file release. I will be packaging a new release soon. Rogan
-----Original Message----- From: Andy Talbot [mailto:atalbot () sli co im] Sent: 15 September 2003 04:27 PM To: webappsec () securityfocus com Subject: Looking for a POST statement Sniffer Hi Everyone It's been a long time since I've required the ability to sniff POST statements and the application I used many time ago has since died on my last machine (I think I used the proxy server included in one of Compuware's QA testing suite products to catch URL POST Statements). This requirement has arisen from a new web development within our Extranet, developed in Flash 5 with asp. As the URL's statements are not publicly visible in the address bar (they are passed transparently within the flash movie), I require a reliable method of catching the post statements sent from my client PC to my Websever, so I can check our current security measures. Ideally I'm looking for a free and reliable method of achieving this! If you guys could recommend something suitable to me this would be much appreciated. Many Thanks Andy Talbot IT Developer / Analyst Programmer ============================================================== ============================= The information in this e-mail is confidential and may be legally privileged. It is intended solely for the addressee and access to this e-mail by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. At present the integrity of e-mail across the Internet cannot be guaranteed and messages sent via this medium are potentially at risk. Therefore we will not accept liability for any claims arising as a result of the use of this medium to transmit messages by or to the Scottish Life International group of companies. The Scottish Life International group of companies is owned by Royal London. Scottish Life International Investment Group who provides marketing services is a Royal London company which is regulated by the Financial Services Authority for UK investment business and only promotes the investment, life assurance and pensions products of the Royal London marketing group. Registered Office: 19 St Andrew Square, Edinburgh EH2 1YE, United Kingdom. Registered in Scotland No. 166387. Scottish Life International Insurance Company Limited, a Royal London company, is the Isle of Man based product provider of life assurance and investment products of the Royal London marketing group. Scottish Life International Insurance Company Limited is authorised by the Isle of Man Government Insurance and Pensions Authority. A member of the Association of International Life Offices. Registered in the Isle of Man Number 076981C. Registered Office: Exchange House, 54-58 Athol Street, Douglas, Isle of Man IM1 1JD, British Isles. Scottish International Fund Managers Limited, a Royal London company, is licensed to conduct investment business as a Category 3 licenceholder by the Isle of Man Financial Supervision Commission under the Investment Business Act 1991. Registered in the Isle of Man number 89411C. Registered address: 54-58 Athol Street, Douglas, Isle of Man, IM1 1JD, British Isles.
Important Notice: This email is subject to important restrictions, qualifications and disclaimers ("the Disclaimer") that must be accessed and read by clicking here or by copying and pasting the following address into your Internet browser's address bar: http://www.Deloitte.co.za/Disc.htm. The Disclaimer is deemed to form part of the content of this email in terms of Section 11 of the Electronic Communications and Transactions Act, 25 of 2002. If you cannot access the Disclaimer, please obtain a copy thereof from us by sending an email to ClientServiceCentre () Deloitte co za.
Current thread:
- Looking for a POST statement Sniffer Andy Talbot (Sep 15)
- Re: Looking for a POST statement Sniffer Ivan Ristic (Sep 15)
- Re: Looking for a POST statement Sniffer Jon Hart (Sep 15)
- <Possible follow-ups>
- RE: Looking for a POST statement Sniffer Tom Arseneault (Sep 15)
- RE: Looking for a POST statement Sniffer Dawes, Rogan (ZA - Johannesburg) (Sep 16)