Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: WebScarab .NET SSL Error
From: "kevin horvath" <kevin.horvath () gmail com>
Date: Wed, 4 Jun 2008 15:07:07 -0400

if your referring to updating the content-length header when you
change the get or post request in transit then burp proxy with
automatically do it for you also.  Additionally it has alot of other
very useful tools built into it such as a fuzzer, cookie analysis
etc....

Kevin

On Wed, Jun 4, 2008 at 1:46 PM, Danux <danuxx () gmail com> wrote:
Thanks to all,

Well, i resolve it using the excellent extension of Firefox call
Firebug which updates de form elements on the fly, like maxlength.
its excellent, because in this case as i told you i was not able to
use a proxy like webscarab or acunetix nor able to create my own page
and just submit the form to the cgi, but with firebug the WebSite does
not know the page was altered because the change was on the client
side through java script.

Thanks to all once again.

On Tue, Jun 3, 2008 at 10:31 AM, Maxime Ducharme
<mducharme () cybergeneration com> wrote:


Hi Danux

I suggest that you try this Firefox extension :

- TamperData : http://tamperdata.mozdev.org/

Another interesting I didn't tried yet :
https://addons.mozilla.org/en-US/firefox/addon/2691

HTH

Maxime



-----Message d'origine-----
De : listbounce () securityfocus com [mailto:listbounce () securityfocus com] De
la part de Danux
Envoyé : 30 mai 2008 05:37
À : pen-test () securityfocus com
Objet : WebScarab .NET SSL Error

Hi Friends,

I  am testing a .NET-SSL enabled web application, and i discovered a
possible SQL Injection, then because of lack of space in the input
field of the form, i start trying to use a Proxy like WebScarab or
Acunetix, but after submit the request through this proxies the
application stops responding  and i am not able to inject any code.
I think could be because of .NET certificate trust validation, if so?
Do you know how to bypass this issue?

Have you ever been able to test an https .NET application through a Proxy?

Thanks in Advanced.

--
Danux

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------







--
Danux, CISSP, OSCP, ISO27001
Offensive Security Consultant
Macula Security Consulting Group
www.macula-group.com

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]