|
Penetration Testing
mailing list archives
Re: [WEB SECURITY] HTTP Proxy for thick clients
From: bugtraq () cgisecurity net
Date: Tue, 28 Aug 2007 00:34:21 -0400 (EDT)
Here is a trick that often works. Open IE and assign the proxy settings to be paros. IE allows
the global setting of a proxy in windows and many applications support inheritance of this setting
(I can't recall the exact name at the moment). This may allow you to reassign the setting when
nothing is exposed in your application.
This works even if your default browser is not IE. It is also an interesting way to see which
applications speak HTTP if you leave it running overnight.
Regards,
- Robert
http://www.cgisecurity.com/ Application Security news and more
http://www.webappsec.org/
http://www.qasec.com/
List,
I am testing a .NET thick client application using web services. I am
looking for an HTTP/TCP Proxy tool like PAROS / BURP which I can use to see
the change the traffic. The application does not have a way to set proxy
setting so I cannot use paros / burp and then do proxy chaining. Also,
everything on the tunnel is SSL, so ethereal is not much help
Also, any good tools to edit XML / SOAP traffic
Thanks for suggesstions in advance
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
| 
Intro
