Web Application Security
Re: stacking proxies Jan 04 2012 11:48PM
Robin Wood (robin digininja org)
On Jan 4, 2012 8:46 AM, "David Hardy" <davehardy20 (at) gmail (dot) com> wrote:
>
> Hi Robin,
>
> I was at the talk that Jason did at BruCon. I think there is a little confusion; what he meant was chaining proxy-based scanners, i.e. Burp through Acunetix through WebInspect etc.
>
> It sounded a strange thing to do and some people asked questions, and he explained that it helped pick up issues and speeded up testing. I remember he talked about how little time we have in a test window compared to a blackhat attacking a website.
> Hope this answers your question.

I know this is what he was talking about and I've got the chain that
Jason suggested, what I'm after is what chains other people use and
why.

When chaining proxies there is a chance of the two interfering with
each other so you have to make sure they are in the right order, for
example Burp through Ratproxy might work but Rat through Burp may
fail.

Chaining may be used to improve efficiency due to lack of time or just
to improve the accuracy of results, happy to take suggestions for
either.

Robin

> Best Regards
>
> Dave Hardy
>
> Sent From My Asus Transformer
>
> On Jan 4, 2012 1:53 AM, "Robin Wood" <robin (at) digininja (dot) org> wrote:
>>
>> On 1 January 2012 11:24, BookBag <asaad2 (at) gmail (dot) com> wrote:
>> > I tunnel everything through Tor. But be careful, as DNS requests are sometimes
>> > done through your IP. So it's best to get your IPs through any proxy and do the
>> > tests through Tor after you've got your IPs.
>>
>> Most of my clients like to know where the attack will be coming from
>> so they can monitor it in their logs. I do some attacks through either
>> Tor or from a different IP so I can see if they have enabled/disabled
>> anything special for the IP I told them I was using.
>>
>> Robin
>>
>> > On Jan 1, 2012 1:29 AM, "Robin Wood" <robin (at) digininja (dot) org> wrote:
>> >>
>> >> I watched Jason Haddix talk at BruCon and he talked about stacking
>> >> proxy servers when doing web app tests so that you could get the best
>> >> out of each one.
>> >>
>> >> I've been meaning to ask for a while, what proxies do people use when
>> >> stacking and in what order?
>> >>
>> >> Robin
>> >>
>> >>
>> >>
>> >> This list is sponsored by Cenzic
>> >> --------------------------------------
>> >> Let Us Hack You. Before Hackers Do!
>> >> It's Finally Here - The Cenzic Website HealthCheck. FREE.
>> >> Request Yours Now!
>> >> http://www.cenzic.com/2009HClaunch_Securityfocus
>> >> --------------------------------------
>> >>
>> >
>>
>>

Copyright 2010, SecurityFocus