Re: WebScarab .NET SSL Error

From: kevin horvath (kevin.horvathgmail.com)
Date: Wed Jun 04 2008 - 14:07:07 CDT


If you're referring to updating the Content-Length header when you
change the GET or POST request in transit, then Burp Proxy will
automatically do it for you also. Additionally, it has a lot of other
very useful tools built into it, such as a fuzzer, cookie analysis,
etc.

Kevin

On Wed, Jun 4, 2008 at 1:46 PM, Danux <danuxxgmail.com> wrote:
> Thanks to all,
>
> Well, I resolved it using the excellent Firefox extension called
> Firebug, which updates the form elements on the fly, like maxlength.
> It's excellent, because in this case, as I told you, I was not able to
> use a proxy like WebScarab or Acunetix, nor able to create my own page
> and just submit the form to the CGI, but with Firebug the website does
> not know the page was altered, because the change was on the client
> side through JavaScript.
>
> Thanks to all once again.
>
> On Tue, Jun 3, 2008 at 10:31 AM, Maxime Ducharme
> <mducharmecybergeneration.com> wrote:
>>
>>
>> Hi Danux
>>
>> I suggest that you try this Firefox extension :
>>
>> - TamperData : http://tamperdata.mozdev.org/
>>
>> Another interesting one I haven't tried yet :
>> https://addons.mozilla.org/en-US/firefox/addon/2691
>>
>> HTH
>>
>> Maxime
>>
>>
>>
>> -----Original Message-----
>> From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com] On
>> Behalf Of Danux
>> Sent: May 30, 2008 05:37
>> To: pen-testsecurityfocus.com
>> Subject: WebScarab .NET SSL Error
>>
>> Hi Friends,
>>
>> I am testing a .NET SSL-enabled web application, and I discovered a
>> possible SQL injection. Then, because of lack of space in the input
>> field of the form, I started trying to use a proxy like WebScarab or
>> Acunetix, but after submitting the request through these proxies the
>> application stops responding and I am not able to inject any code.
>> I think it could be because of .NET certificate trust validation. If so,
>> do you know how to bypass this issue?
>>
>> Have you ever been able to test an HTTPS .NET application through a proxy?
>>
>> Thanks in advance.
>>
>> --
>> Danux
>>
>
>
>
> --
> Danux, CISSP, OSCP, ISO27001
> Offensive Security Consultant
> Macula Security Consulting Group
> www.macula-group.com
>
>
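
Added example, not part of the thread or written by any of its participants: the maxlength change described above succeeds because that limit exists only in the browser, so the server has to re-check the length itself and bind the value as a query parameter. The `users` table, the 20-character limit and the function names are assumptions made for illustration.

```python
import sqlite3

MAX_NAME_LEN = 20  # assumed limit, mirroring a hypothetical maxlength="20" on the form


class ValidationError(ValueError):
    """Raised when a submitted field violates a server-side rule."""


def make_db():
    # Constructed in-memory table standing in for the application's data.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db


def lookup_user(db, name):
    """Treat the form field as untrusted input, whatever the browser displayed."""
    if not isinstance(name, str):
        raise ValidationError("name must be a string")
    # The maxlength attribute is advisory only: enforce the limit on the server.
    if len(name) > MAX_NAME_LEN:
        raise ValidationError(f"name longer than {MAX_NAME_LEN} characters")
    # Bound parameter: the value travels as data and is never spliced into the SQL text.
    rows = db.execute("SELECT name, email FROM users WHERE name = ?", (name,))
    return rows.fetchall()


if __name__ == "__main__":
    db = make_db()
    print(lookup_user(db, "alice"))
    # A short value containing SQL metacharacters is compared literally and matches no row.
    print(lookup_user(db, "x' OR '1'='1"))
    try:
        lookup_user(db, "a" * 50)  # longer than the form itself would have allowed
    except ValidationError as exc:
        print("rejected:", exc)
```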