Home page logo

pen-test logo Penetration Testing mailing list archives

Re: testing email based e-commerce system with .xdp extension - looking for input
From: Krugger <merc4krugger () gmail com>
Date: Mon, 11 Dec 2006 18:18:03 +0000

So what you mean is that they use SSL to encrypt the connection,
pretty standard.
They didn't show up because SSL usually starts using port 445, and you
http proxy probably only listens to port 80. Even if it would actually
be aware of port 445 it wouldn't be useful, as it is encrypted. You
can intercept the encrypted connection with ettercap for example.
Link: http://www.irongeek.com/i.php?page=security/ettercapfilter

xpd = XML pipeline document
Link: http://razor.occams.info/code/xpd/

As you seem quite imprecise, is it really a webservice or does it only
look like one?
Link: http://www.w3.org/TR/wsdl

Check for compliance with PCI 1.1.
Link: https://www.pcisecuritystandards.org

So you been hired to verify the security of the e-commerce site?
I am always amazed :)

This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]