[WEB SECURITY] Looking For Some Proxy Advice
Arian J. Evans
arian.evans at anachronic.com
Thu Aug 20 14:57:26 EDT 2009
I have always had severe memory-leak issues with Webscarab trying to
run automated requests in volume through it. Suspect Brian has too.
Never tried with Burp - though I am sure some of the engineers I work
with have. Let me ask them.
On Thu, Aug 20, 2009 at 11:14 AM, Mark
Feferman<Mark.Feferman at halliburton.com> wrote:
> What about WebScarab? I think it supports all of these things.
> From: Brian Shura [mailto:bshura73 at gmail.com]
> Sent: Thursday, August 20, 2009 12:21 PM
> To: websecurity at webappsec.org
> Subject: [WEB SECURITY] Looking For Some Proxy Advice
> Does anyone know of a free HTTP proxy that can be easily installed on a
> desktop and has the following capabilities?
> 1. Ability to configure an outgoing proxy server.
> 2. Support for an outgoing proxy server that requires NTML authentication.
> 3. Ability to define a "proxy bypass list" so that the outgoing proxy
> server is not used for specific IP addresses or hostnames.
> 4. Ability to point a web application scanner at this proxy and run a scan
> through the proxy without the proxy bogging down and crashing.
> Paros supports items 1, 2, and 3 above but doesn't seem to be designed to
> route a large number of requests through it since it's more of a manual
> testing tool and is trying to store all the HTTP requests/responses. In
> this case I'm not really interested in storing or viewing the HTTP
> requests/responses, just need a way to intelligently route requests to
> certain hostnames through an outgoing proxy server and bypass the outgoing
> proxy server for other hostnames.
> This e-mail, including any attached files, may contain confidential and
> privileged information for the sole use of the intended recipient. Any
> review, use, distribution, or disclosure by others is strictly prohibited.
> If you are not the intended recipient (or authorized to receive information
> for the intended recipient), please contact the sender by reply e-mail and
> delete all copies of this message.
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Join WASC on LinkedIn
More information about the websecurity