WebApp Sec mailing list archives
Re: testing webapp - socks and http proxy question
From: K <rusty_johnson2 () yahoo com>
Date: Sat, 10 Jan 2009 03:57:14 -0800 (PST)
Burp comms tab, set burp to use proxy. The socks proxy is your choice.
Ken
On Jan 9, 2009, at 4:39 AM, Rogan Dawes <lists () dawes za net> wrote:
learn lids wrote:
hello everybody,
moderators : sorry about the cross-post, but i thoght this question
is relevant to all these 3 lists.
i am trying to test a web app which is accessible by only a socks
proxy. so i want to redirect the http traffic through the socks proxy
to access th webapp. the setup is:
browser {OUT 127.0.0.1:8080} ---> burp proxy --> socks proxy to
webapp
i am not sure how to make burp talk to the socks proxy. i used
proxychains but i am not able to make it work.
any suggestions are much appreciated. any other alternate methods
would be nice.
thank you, learner
The work-in-progress OWASP Proxy library (and sample app) supports
upstream and downstream SOCKS proxies. i.e. it can act as a SOCKS proxy,
and it can connect through an upstream SOCKS proxy. It can also act as a
regular HTTP proxy, allowing:
[browser] --(HTTP Proxy)--> [burp] --(HTTP Proxy)--> [OWASP Proxy]
--(SOCKS)--> [socks proxy]--> [server]
This is probably not ideal, though.
You *may* be able to convince burp to use an upstream SOCKS proxy by
setting the appropriate Java environment variables. See:
<http://java.sun.com/javase/6/docs/technotes/guides/net/proxies.html>
I don't think that this supports authentication to the upstream SOCKS
Proxy, though. If you need upstream authentication, you may need to hack
something together using JSOCKS, for example.
Rogan
-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be
considered a crucial phase in the development of any web application. What methodology should be followed? What tools
can accelerate the assessment process? Download this Whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be
considered a crucial phase in the development of any web application. What methodology should be followed? What tools
can accelerate the assessment process? Download this Whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
Current thread:
- testing webapp - socks and http proxy question learn lids (Jan 08)
- Re: testing webapp - socks and http proxy question Rogan Dawes (Jan 09)
- <Possible follow-ups>
- Re: testing webapp - socks and http proxy question K (Jan 10)
- Re: testing webapp - socks and http proxy question learn lids (Jan 14)
- Re: testing webapp - socks and http proxy question Jack Mannino (Jan 10)
- Re: testing webapp - socks and http proxy question K (Jan 14)
- Re: testing webapp - socks and http proxy question learn lids (Jan 14)
- Re: testing webapp - socks and http proxy question learn lids (Jan 14)
- Re: testing webapp - socks and http proxy question jack . a . mannino (Jan 15)
- Re: testing webapp - socks and http proxy question K (Jan 15)