Re: [WEB SECURITY] HTTP Proxy for thick clients

From: bugtraq@cgisecurity.net
Date: Tue Aug 28 2007 - 00:34:21 EDT


Here is a trick that often works. Open IE and assign the proxy settings to be paros. IE allows
the global setting of a proxy in windows and many applications support inheritance of this setting
(I can't recall the exact name at the moment). This may allow you to reassign the setting when
nothing is exposed in your application.

This works even if your default browser is not IE. It is also an interesting way to see which
applications speak HTTP if you leave it running overnight.

Regards,
- Robert
http://www.cgisecurity.com/ Application Security news and more
http://www.webappsec.org/
http://www.qasec.com/

> List,
>
> I am testing a .NET thick client application using web services. I am
> looking for an HTTP/TCP Proxy tool like PAROS / BURP which I can use to see
> the change the traffic. The application does not have a way to set proxy
> setting so I cannot use paros / burp and then do proxy chaining. Also,
> everything on the tunnel is SSL, so ethereal is not much help
>
> Also, any good tools to edit XML / SOAP traffic
>
> Thanks for suggesstions in advance
>
>
>
>
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/
>
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:04 EDT