Re: Proof of Concept Tool on Web Application Security
From: Jörg Schütter (joerg_at_schuetter.org)
Date: 04/27/03
- Previous message: Chris Wysopal: "@stake WebProxy 2.1 new release"
- In reply to: Indian Tiger: "Proof of Concept Tool on Web Application Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 27 Apr 2003 15:04:48 +0200 To: pen-test@securityfocus.com
Hallo Indian Tiger,
On Tue, 15 Apr 2003 23:35:34 +0530
"Indian Tiger" <indiantiger@mailandnews.com> wrote:
[...]
> This manipulation can also be achieved if an Attacker can put his
> Proxy (Web Sleuth) on intermediate Router/Proxy. One Example is I am
> accessing Hotmail and on my ISP Router/Proxy, An attacker installs
> tool like Web Sleuth. But again question comes Router works on OSI
> layer 3 so attacker can't put tool like Web Sleuth. If intermediate
> hop is Proxy which is on Application level, there should be some tool
> which can be placed here.
Have a look at http://en.tldp.org/HOWTO/mini/TransparentProxy.html which
explains how to use squid as transparent proxy by using iptables.
Gruß
Jörg
-- Dipl.-Ing. Jörg Schütter http://www.lug-untermain.de/ http://www.schuetter.org/joerg/ joerg@schuetter.org http://mypenguin.bei.t-online.de/
- application/pgp-signature attachment: stored
- Previous message: Chris Wysopal: "@stake WebProxy 2.1 new release"
- In reply to: Indian Tiger: "Proof of Concept Tool on Web Application Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
