All, I am pleased to announce that a web application security tool that I wrote a while back has made it to the @stake free tools page: http://www.atstake.com/research/tools/index.html#WebProxy This is installed as a proxy in your browser, processing all web requests as they go by (both http and https). It allows regular expression replacement, request logging, request interception, editing, and re-issue. Easy installer included (just download and run). Supports Netscape and IE on Linux, Solaris, and Windows. It is written in Java, so any platform that has a 1.4 JRE should work. There is also a short description at the above page. Don't forget: EASY install!!! Download, run, set proxy configuration in browser (http proxy: 127.0.0.1, port 5111 and https proxy: 127.0.0.1, port 5112), and you're good to go! For menus, utilities, etc., go to http://webproxy/ after setting your proxy up as stated. Please see the Readme.html file for details about setting up your browser after installing it. Thanks, fes PS: Also included is the beginning of a web fuzzer that can be enabled by uncommenting some obvious lines in the .webproxyrc file. :) -- Frank Swiderski Security Consultant, @stake, Inc. fesat_private
This archive was generated by hypermail 2b30 : Tue Apr 23 2002 - 21:00:28 PDT