[WEB SECURITY] Looking For Some Proxy Advice

Mark Feferman Mark.Feferman at Halliburton.com
Thu Aug 20 14:14:51 EDT 2009


What about WebScarab?  I think it supports all of these things.


From: Brian Shura [mailto:bshura73 at gmail.com]
Sent: Thursday, August 20, 2009 12:21 PM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] Looking For Some Proxy Advice

Does anyone know of a free HTTP proxy that can be easily installed on a desktop and has the following capabilities?

1.  Ability to configure an outgoing proxy server.
2.  Support for an outgoing proxy server that requires NTML authentication.
3.  Ability to define a "proxy bypass list" so that the outgoing proxy server is not used for specific IP addresses or hostnames.
4.  Ability to point a web application scanner at this proxy and run a scan through the proxy without the proxy bogging down and crashing.

Paros supports items 1, 2, and 3 above but doesn't seem to be designed to route a large number of requests through it since it's more of a manual testing tool and is trying to store all the HTTP requests/responses.  In this case I'm not really interested in storing or viewing the HTTP requests/responses, just need a way to intelligently route requests to certain hostnames through an outgoing proxy server and bypass the outgoing proxy server for other hostnames.

Thanks,
Brian

----------------------------------------------------------------------
This e-mail, including any attached files, may contain confidential and privileged information for the sole use of the intended recipient.  Any review, use, distribution, or disclosure by others is strictly prohibited.  If you are not the intended recipient (or authorized to receive information for the intended recipient), please contact the sender by reply e-mail and delete all copies of this message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20090820/bf5eb9e0/attachment.html>


More information about the websecurity mailing list