[WEB SECURITY] Looking For Some Proxy Advice

Arian J. Evans arian.evans at anachronic.com
Thu Aug 20 14:12:46 EDT 2009


If you have an MSDN developer subscription you might try ISA. I've
used that in the past.

There's a little windows proxy I've used in the past too that was
shareware, been around for years, but cannot recall the same. It was
very limited functionality, but very lightweight. It supported NAT and
reverse NAT as well and I know people used it to abuse their webapp
scanner IP or domain-name restricted licenses. Someone else will cough
up the name shortly I think.

-- 
Arian Evans




On Thu, Aug 20, 2009 at 10:21 AM, Brian Shura<bshura73 at gmail.com> wrote:
> Does anyone know of a free HTTP proxy that can be easily installed on a
> desktop and has the following capabilities?
>
> 1.  Ability to configure an outgoing proxy server.
> 2.  Support for an outgoing proxy server that requires NTML authentication.
> 3.  Ability to define a "proxy bypass list" so that the outgoing proxy
> server is not used for specific IP addresses or hostnames.
> 4.  Ability to point a web application scanner at this proxy and run a scan
> through the proxy without the proxy bogging down and crashing.
>
> Paros supports items 1, 2, and 3 above but doesn't seem to be designed to
> route a large number of requests through it since it's more of a manual
> testing tool and is trying to store all the HTTP requests/responses.  In
> this case I'm not really interested in storing or viewing the HTTP
> requests/responses, just need a way to intelligently route requests to
> certain hostnames through an outgoing proxy server and bypass the outgoing
> proxy server for other hostnames.
>
> Thanks,
> Brian

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA



More information about the websecurity mailing list