From: Krugger (merc4krugger@gmail.com)
Date: Mon Dec 11 2006 - 13:18:03 EST
So what you mean is that they use SSL to encrypt the connection,
pretty standard.
They didn't show up because SSL usually starts using port 445, and you
http proxy probably only listens to port 80. Even if it would actually
be aware of port 445 it wouldn't be useful, as it is encrypted. You
can intercept the encrypted connection with ettercap for example.
Link: http://www.irongeek.com/i.php?page=security/ettercapfilter
xpd = XML pipeline document
Link: http://razor.occams.info/code/xpd/
As you seem quite imprecise, is it really a webservice or does it only
look like one?
Link: http://www.w3.org/TR/wsdl
Check for compliance with PCI 1.1.
Link: https://www.pcisecuritystandards.org
So you been hired to verify the security of the e-commerce site?
I am always amazed :)
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:26 EDT