[prev in list] [next in list] [prev in thread] [next in thread] 

List:       webappsec
Subject:    RE: New version of Exodus available
From:       "Dawes, Rogan (ZA - Johannesburg)" <rdawes () deloitte ! co ! za>
Date:       2003-06-18 5:45:28
[Download RAW message or body]

Er. Yes. Sorry. I'll fix it to not do that in future.

Sorry

> -----Original Message-----
> From: Tim Yohn [mailto:tyohn@alabanza.com] 
> Sent: 17 June 2003 07:35 PM
> To: Dawes, Rogan (ZA - Johannesburg); webappsec@securityfocus.com
> Subject: Re: New version of Exodus available
> 
> 
> All,
> 
> I'd like to point out one little thing that *everyone* that 
> tries this product 
> should be aware of.  It takes a directory as a command line 
> argument, then 
> procedes to delete (without prompting) anything in that 
> directory, no matter 
> what it is... Maybe a little prompting here would be nice, at 
> least a warning 
> that everything was going to be deleted instead of just going 
> and removing 
> everything...
> 
> The documentation on the website provided only states the following:
> 
> "Run exodus with a command like : 
> 
> java -jar exodus.jar directoryname
> 
> where directoryname is a directory that exodus should use to 
> store the 
> conversations seen. 
> If no parameter is passed, exodus will not save any analysis 
> at this point. 
> The directory need not exist, but the name should end with a slash 
> (appropriate for the platform)"
> 
> Tim. 
> 
> On Tuesday 17 June 2003 02:35 am, Dawes, Rogan (ZA - 
> Johannesburg) wrote:
> > Hi folks,
> > 
> > Following on from the discussion about editing form fields, 
> etc, I would
> > like to announce a new version of Exodus.
> > 
> > Exodus is a Java Swing application that provides a HTTP and 
> HTTPS proxy
> > facility, allowing the operator to view and/or intercept 
> and modify any and
> > all conversations between the browser and the server.
> > 
> > Exodus has significant functionality in terms of 
> visualising the target
> > site's structure, automatically fetching unseen links, 
> extracting comments,
> > forms and scripts from HTML responses, and submitting 
> "known-bad" values to
> > forms to test error handling.
> > 
> > Exodus is available from
> > http://mysite.mweb.co.za/residents/rdawes/exodus.html
> > 
> > All feedback is welcome.
> > 
> > Rogan
> > --
> > "Using encryption on the Internet is the equivalent of arranging an
> > armored car to deliver credit card information from someone living
> > in a cardboard box to someone living on a park bench."
> > - Gene Spafford
> > --
> > Deloitte & Touche Security Services Group
> > Tel: +27(11)806-6216     Fax: +27(11)806-5202     Cell: 
> +27(82)784-9498
> 

Important Notice: This email is subject to important restrictions, qualifications and \
disclaimers ("the Disclaimer") that must be accessed and read by clicking here or by \
copying and pasting the following address into your Internet browser's address bar: \
http://www.Deloitte.co.za/Disc.htm. The Disclaimer is deemed to form part of the \
content of this email in terms of Section 11 of the Electronic Communications and \
Transactions Act, 25 of 2002. If you cannot access the Disclaimer, please obtain a \
copy thereof from us by sending an email to ClientServiceCentre@Deloitte.co.za.


[prev in list] [next in list] [prev in thread] [next in thread]