Re: Proof of Concept Tool on Web Application Security

From: Jörg Schütter (joerg@schuetter.org)
Date: Sun Apr 27 2003 - 09:04:48 EDT

• Next message: Paul Vlissidis: "Re: Port Scanners / Sniffers Review"
• Previous message: Chris Wysopal: "@stake WebProxy 2.1 new release"
• In reply to: Indian Tiger: "Proof of Concept Tool on Web Application Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hallo Indian Tiger,

On Tue, 15 Apr 2003 23:35:34 +0530
"Indian Tiger" <indiantiger@mailandnews.com> wrote:

[...]
> This manipulation can also be achieved if an Attacker can put his
> Proxy (Web Sleuth) on intermediate Router/Proxy. One Example is I am
> accessing Hotmail and on my ISP Router/Proxy, An attacker installs
> tool like Web Sleuth. But again question comes Router works on OSI
> layer 3 so attacker can't put tool like Web Sleuth. If intermediate
> hop is Proxy which is on Application level, there should be some tool
> which can be placed here.

Have a look at http://en.tldp.org/HOWTO/mini/TransparentProxy.html which
explains how to use squid as transparent proxy by using iptables.

Gruß
  Jörg

-- 
Dipl.-Ing. Jörg Schütter           http://www.lug-untermain.de/
                                   http://www.schuetter.org/joerg/
joerg@schuetter.org                http://mypenguin.bei.t-online.de/

• application/pgp-signature attachment: stored

• Next message: Paul Vlissidis: "Re: Port Scanners / Sniffers Review"
• Previous message: Chris Wysopal: "@stake WebProxy 2.1 new release"
• In reply to: Indian Tiger: "Proof of Concept Tool on Web Application Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:32 EDT