Tools to intercept and test non-HTTP protocols

Paladion
By Paladion

February 13, 2007

Here're three free tools that your internal testers might find useful if your application uses non-HTTP protocols. We use them frequently in our penetration tests.
These tools are intercepting proxies - they let testers intercept the traffic, and edit them on the fly. We want to see how the server responds when it gets unexpected input. Sometimes the input injected is junk, when we want to trigger eror messages. Bur more often, we replace contents in the stream with meaningful values. For instance, does changing the account number in the request get me access to accounts I don't have access to?
1. Echo Mirage
2. Winsock Packet Editor Pro
3. Interactive TCP Relay


Tags: Uncategorized

About

Paladion

SUBSCRIBE TO OUR BLOG

Buyers-Guide-Collateral

WHITEPAPER

Buyer’s Guide to Managed Detection and Response

Download
MDR

Get AI Powered

Managed Detection and Response

MDR-learmore-btn

 

MDR-Guide-Collateral

REPORT

AI-Driven Managed Detection and Response

Download Report
Episode

EPISODE-25

Red-LineAsset-6

Why Your ‘Likes’ on Facebook May Be Revealing Far More than You Thought

Click URL in the Post for the Full Podacst
  • FacebookAsset
  • LinkedinAsset
  • TwitterAsset