A web developer’s diary

August 2, 2016

Developer Tools and Proxy Chaining

Filed under: PHP,Tools — Celia @ 1:40 pm

What do IE developer tools and Proxy chaining have in common? Nothing other than the fact I learnt about both today.

Earlier, when I had to do authorization level attacks while logging in as a low privileged user, I used to construct the whole HTTP request in proxies and send those to Burp repeater, tweaking it till I get the response I wanted. A colleague who happens to be a Share point developer also told me know to invoke Javascript directly even if its not linked from anywhere within HTML. Enter ‘IE Developer Tools : F12’.

That made my work easier and instead of using Burp, I used Developer Tools this time to show a proof of exploit. The development team was happy too as they were able to replicate the scenario much better.

Proxy Chaining: I have been doing this all along for 3 years without knowing that there is a specific term for it. Was having a specific proxy configuration problem with Acunetix. It just didn’t connect to the site even though the proxy configuration details were right. Got Burp Suite in between Acunetix and Site and voila, it worked.

This is called as ‘Proxy Chaining’ it seems. NICE!!

Advertisements

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: