[prev in list] [next in list] [prev in thread] [next in thread] 

List:       owasp-webscarab
Subject:    Re: [Owasp-webscarab] [Owasp-proxy] NTLM authentication
From:       Rogan Dawes <rogan () dawes ! za ! net>
Date:       2010-04-23 8:45:00
Message-ID: 4BD15E0C.7000704 () dawes ! za ! net
[Download RAW message or body]

On 2010/04/23 10:12 AM, Martin Holst Swende wrote:
> Rogan Dawes wrote:
>> If you can give me a sample request, I can try to ensure that these
>> exceptions do not occur.
>>   
> I'll have to dig a bit to find a good example to send (off-list), but
> here's the line which throws exception:
> UrlFetcher.attemptNegotiation():
> 557             String domain = credentials.substring(0,
> credentials.indexOf("\\"));
> So wrapping that else-clause in try-catch and returning null (?) fixes
> the immediate problem.

Well, I suppose I should just check to make sure that there is in fact a
\ character first, before blindly assuming. :-) Then no exception would
be needed.

>> Setting OWASP Proxy up as a reverse proxy is as simple as providing a
>> target InetSockAddr when creating the Proxy class. The target is then
>> passed down into the TargetedConnectionHandler, which uses that target
>> if a more specific one is not received (e.g. via SOCKS).
>
> Great news! I use owasp proxy a lot and have created a small
> jython-based UI for it, and will
> add this functionality to the startup-ui. When it is more complete, I
> will make it public.
> I have not yet created any interceptor for it, but plan to (probably
> reuse a lot from webscarab).

Sounds neat. I'd like to see it.

> Is there anyone on this list who have created any interceptor-ui? I
> would love to have it...

I am slowly working on a UI for OWASP Proxy, but it will probably be
commercial once I get it done.

Rogan
_______________________________________________
Owasp-webscarab mailing list
Owasp-webscarab@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-webscarab
[prev in list] [next in list] [prev in thread] [next in thread]