[Owasp-leaders] [Owasp-webscarab] OWASP Proxy

Anthony anthonation at gmail.com
Sun Dec 14 06:13:12 EST 2008


It could be awesome if it supports SOCKS

Regards,
Anthony Lai


On 2008年12月14日, at 18:32, Nam Nguyen  
<namn at bluemoon.com.vn> wrote:

> On Sun, 14 Dec 2008 10:20:35 +0100
> Stephen de Vries <stephen at twisteddelight.org> wrote:
>
>>
>> On Dec 14, 2008, at 9:10 AM, Rogan Dawes wrote:
>>>
>>> WebScarab's proxy and HttpClient implementation were also not as
>>> "binary-clean" as some people would have liked. For example, while
>>> parsing message headers, WebScarab would normalise "Host:   
>>> host" (note
>>> two spaces between ":" and "host") back to "Host: host" (only one
>>> space). For some people, that was a big deal, and prevented them  
>>> from
>>> using WebScarab entirely. Amongst other things, it meant that
>>> WebScarab
>>> was unsuited to testing client-side vulnerabilities. OWASP Proxy
>>> uses a
>>> byte[] to represent the entire message that is sent between client  
>>> and
>>> server and vice versa, and then layers more friendly methods for
>>> accessing specific message properties on top of that.
>>>
>>> So, OWASP Proxy is intended to address these issues. It is a small
>>> (45kB
>>> jar) library (not a stand-alone executable) that Java developers can
>>> use
>>> when they need to add intercepting or logging proxy capabilities to
>>> their own programs.
>
> Do I hear re-usability? Lovely!
>
>>
>> Out of interest, will it be easy to strip out just the http client
>> implementation from the OWASP Proxy library?  IMO, this could be very
>> useful as the Apache HttpClient is really the only viable library
>> available at the moment.  It would be nice to have an alternative
>> that's more literal and doesn't try to fix requests.
>
> My bet is it is not the objective of OWASP Proxy, unless Rogan has  
> another plan.
>
> By the way, talking about WebScarab-NG, I would very much like to  
> see support for SOCKS 4/5 proxy. Probably that can be factored into  
> this OWASP Proxy library?
>
> Cheers
> -- 
> Nam
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders


More information about the OWASP-Leaders mailing list