Re: Proof of Concept Tool on Web Application Security

From: Jörg Schütter (joergat_private)
Date: Sun Apr 27 2003 - 06:04:48 PDT

Next message: Paul Vlissidis: "Re: Port Scanners / Sniffers Review"

Previous message: Chris Wysopal: "@stake WebProxy 2.1 new release"
In reply to: Indian Tiger: "Proof of Concept Tool on Web Application Security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hallo Indian Tiger,

On Tue, 15 Apr 2003 23:35:34 +0530
"Indian Tiger" <indiantigerat_private> wrote:

[...]
> This manipulation can also be achieved if an Attacker can put his
> Proxy (Web Sleuth) on intermediate Router/Proxy. One Example is I am
> accessing Hotmail and on my ISP Router/Proxy, An attacker installs
> tool like Web Sleuth. But again question comes Router works on OSI
> layer 3 so attacker can't put tool like Web Sleuth. If intermediate
> hop is Proxy which is on Application level, there should be some tool
> which can be placed here.

Have a look at http://en.tldp.org/HOWTO/mini/TransparentProxy.html which
explains how to use squid as transparent proxy by using iptables.

Gruß
  Jörg

-- 
Dipl.-Ing. Jörg Schütter           http://www.lug-untermain.de/
                                   http://www.schuetter.org/joerg/
joergat_private                http://mypenguin.bei.t-online.de/

application/pgp-signature attachment: stored

Next message: Paul Vlissidis: "Re: Port Scanners / Sniffers Review"
Previous message: Chris Wysopal: "@stake WebProxy 2.1 new release"
In reply to: Indian Tiger: "Proof of Concept Tool on Web Application Security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Apr 27 2003 - 09:27:11 PDT