[Owasp-leaders] [Owasp-webscarab] OWASP Proxy
Anthony
anthonation at gmail.com
Sun Dec 14 06:13:12 EST 2008
It could be awesome if it supports SOCKS
Regards,
Anthony Lai
On 2008年12月14日, at 18:32, Nam Nguyen
<namn at bluemoon.com.vn> wrote:
> On Sun, 14 Dec 2008 10:20:35 +0100
> Stephen de Vries <stephen at twisteddelight.org> wrote:
>
>>
>> On Dec 14, 2008, at 9:10 AM, Rogan Dawes wrote:
>>>
>>> WebScarab's proxy and HttpClient implementation were also not as
>>> "binary-clean" as some people would have liked. For example, while
>>> parsing message headers, WebScarab would normalise "Host:
>>> host" (note
>>> two spaces between ":" and "host") back to "Host: host" (only one
>>> space). For some people, that was a big deal, and prevented them
>>> from
>>> using WebScarab entirely. Amongst other things, it meant that
>>> WebScarab
>>> was unsuited to testing client-side vulnerabilities. OWASP Proxy
>>> uses a
>>> byte[] to represent the entire message that is sent between client
>>> and
>>> server and vice versa, and then layers more friendly methods for
>>> accessing specific message properties on top of that.
>>>
>>> So, OWASP Proxy is intended to address these issues. It is a small
>>> (45kB
>>> jar) library (not a stand-alone executable) that Java developers can
>>> use
>>> when they need to add intercepting or logging proxy capabilities to
>>> their own programs.
>
> Do I hear re-usability? Lovely!
>
>>
>> Out of interest, will it be easy to strip out just the http client
>> implementation from the OWASP Proxy library? IMO, this could be very
>> useful as the Apache HttpClient is really the only viable library
>> available at the moment. It would be nice to have an alternative
>> that's more literal and doesn't try to fix requests.
>
> My bet is it is not the objective of OWASP Proxy, unless Rogan has
> another plan.
>
> By the way, talking about WebScarab-NG, I would very much like to
> see support for SOCKS 4/5 proxy. Probably that can be factored into
> this OWASP Proxy library?
>
> Cheers
> --
> Nam
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
More information about the OWASP-Leaders
mailing list