Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[TOOL] Odysseus - Passthrough Data Manipulation Proxy

from [SecuriTeam] Network Security [Permanent Link]
Subject: [TOOL] Odysseus - Passthrough Data Manipulation Proxy
Date: 19 Dec 2006 19:41:08 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  Odysseus - Passthrough Data Manipulation Proxy
------------------------------------------------------------------------


SUMMARY



DETAILS

Odysseus is a tool designed for testing the security of web applications.

Odysseus is a proxy server, which acts as a man-in-the-middle during an 
HTTP session. A typical HTTP proxy will relay packets to and from a client 
browser and a web server. Odysseus will intercept an HTTP session's data 
in either direction and give the user the ability to alter the data before 
transmission.

For example, during a normal HTTP SSL connection a typical proxy will 
relay the session between the server and the client and allow the two end 
nodes to negotiate SSL. In contrast, when in intercept mode, Odysseus will 
pretend to be the server and negotiate two SSL sessions, one with the 
client browser and another with the web server.

As data is transmitted between the two nodes, Odysseus decrypts the data 
and gives the user the ability to alter and/or log the data in clear text 
before transmission.

A companion utility, Telemachus, is available to further functionality 
during an application assessment.

Features:
 * Multi-threaded native Win32 executable. The use of native Window code, 
combined with extensive multi-threading, means that Odysseus is fast. 
Speed was a primary development objective.
 * No external dependencies. Everything needed to intercept web requests 
(apart from a browser configured to use Odysseus as a proxy :) is included 
in the distribution archive. No additional downloads or installations are 
required.
 * Flexible & configurable. A wealth of configuration options means 
Odysseus should be flexible enough to meet the needs of nearly any web 
based application assessment.
 * Low desktop profile. Odysseus doesn't clutter your desktop with 
redundant windows. A simple System Tray icon is all that is needed to 
access it's many features. The various components of Odysseus appear and 
disappear as configured, or instructed, by the user.


ADDITIONAL INFORMATION

The information has been provided by  <mailto:dave@bindshell.net> Dave.
To keep updated with the tool visit the project's homepage at:  
<http://www.bindshell.net/odysseus> http://www.bindshell.net/odysseus



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [TOOL] Odysseus - Passthrough Data Manipulation Proxy, SecuriTeam <=
Previous by Date:  [TOOL] sqlmap - Blind SQL Injection Tool, SecuriTeam
Next by Date:  [NT] Multiple Vulnerabilities in Mandiant First Response, SecuriTeam
Previous by Thread:  [TOOL] sqlmap - Blind SQL Injection Tool, SecuriTeam
Next by Thread:  [NT] Multiple Vulnerabilities in Mandiant First Response, SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]