Tools to intercept and test non-HTTP protocols

By Paladion

February 13, 2007

Here're three free tools that your internal testers might find useful if your application uses non-HTTP protocols. We use them frequently in our penetration tests.
These tools are intercepting proxies - they let testers intercept the traffic, and edit them on the fly. We want to see how the server responds when it gets unexpected input. Sometimes the input injected is junk, when we want to trigger eror messages. Bur more often, we replace contents in the stream with meaningful values. For instance, does changing the account number in the request get me access to accounts I don't have access to?
1. Echo Mirage
2. Winsock Packet Editor Pro
3. Interactive TCP Relay

Tags: Uncategorized