[WEB SECURITY] Looking For Some Proxy Advice

Arian J. Evans arian.evans at anachronic.com
Thu Aug 20 14:57:26 EDT 2009


I have always had severe memory-leak issues with Webscarab trying to
run automated requests in volume through it. Suspect Brian has too.

Never tried with Burp - though I am sure some of the engineers I work
with have. Let me ask them.


-- 
Arian Evans



On Thu, Aug 20, 2009 at 11:14 AM, Mark
Feferman<Mark.Feferman at halliburton.com> wrote:
> What about WebScarab?  I think it supports all of these things.
>
>
>
>
>
> From: Brian Shura [mailto:bshura73 at gmail.com]
> Sent: Thursday, August 20, 2009 12:21 PM
> To: websecurity at webappsec.org
> Subject: [WEB SECURITY] Looking For Some Proxy Advice
>
>
>
> Does anyone know of a free HTTP proxy that can be easily installed on a
> desktop and has the following capabilities?
>
>
>
> 1.  Ability to configure an outgoing proxy server.
>
> 2.  Support for an outgoing proxy server that requires NTML authentication.
>
> 3.  Ability to define a "proxy bypass list" so that the outgoing proxy
> server is not used for specific IP addresses or hostnames.
>
> 4.  Ability to point a web application scanner at this proxy and run a scan
> through the proxy without the proxy bogging down and crashing.
>
>
>
> Paros supports items 1, 2, and 3 above but doesn't seem to be designed to
> route a large number of requests through it since it's more of a manual
> testing tool and is trying to store all the HTTP requests/responses.  In
> this case I'm not really interested in storing or viewing the HTTP
> requests/responses, just need a way to intelligently route requests to
> certain hostnames through an outgoing proxy server and bypass the outgoing
> proxy server for other hostnames.
>
>
>
> Thanks,
> Brian
>
> ________________________________
> This e-mail, including any attached files, may contain confidential and
> privileged information for the sole use of the intended recipient. Any
> review, use, distribution, or disclosure by others is strictly prohibited.
> If you are not the intended recipient (or authorized to receive information
> for the intended recipient), please contact the sender by reply e-mail and
> delete all copies of this message.
>

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA



More information about the websecurity mailing list