Hosting Provided By

Re: Proof of Concept Tool on Web Application Security

From: Kriss Andsten <kriss(at)sverok.se>
Date: Fri Apr 11 2003 - 09:27:01 EDT

On Tue, 2003-04-15 at 20:03, Indian Tiger wrote:

<snip>
> This manipulation can also be achieved if an Attacker can put his Proxy (Web

It does not matter if it's a L3 gate or even a L2 switch - given the proper conditions (decent OS on the gateway) it's always possible to transparently route traffic through an application. Always assume 'proper conditions' if the network is unknown. Also, have a look at ettercap for 'getting cookies of others'.

Kriss Received on Sat Apr 12 22:20:14 2003

This message: [ Message body ]
Next message: Brass, Phil (ISS Atlanta): "Client script access to server cert info"
Previous message: Shaji Sethu: "Federated Security Applications and Implications."
In reply to Indian Tiger: "Proof of Concept Tool on Web Application Security"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:50 EDT