Comments (2)
The text means just this. The proxy is engineered with certain assumptions about
usual HTTP client and server behaviors; no effort was made, and absolutely no
guarantees are given, regarding the accuracy of collected logs, or even proper
operation of the proxy itself, if any of the parties to the proxied
communications
are grossly misbehaving or rogue.
I am not aware of any obvious vector that would allow remote code execution
under
such circumstances, but as noted, there are no guarantees. If you are testing
your
corporate networks on an open wifi network with no VPN, I'd guess the risk I
messed
up something with the code is one of your least concerns, however :-)
Original comment by [email protected]
on 15 Feb 2009 at 11:00
- Changed state: WontFix
from ratproxy.
I see. Thanks for your response.
I don't work for a company. I wanted to use ratproxy to test my App Engine site
(so
there is no VPN; and the App Engine dev server is sufficiently different from
production to warrant performing the tests on the live website). So I guess
I'll just
throw in a MITM proxy that would verify the *.appspot.com SSL certificate and
use
ratproxy through it.
Original comment by alexkon
on 15 Feb 2009 at 11:38
from ratproxy.
Related Issues (20)
- [deleted issue]
- Client SSL handshake failed HOT 2
- RatProxy 5.1 not working (SYSTEM ERROR : cannot bind to port [listen_loop(), ratproxy.c:1609]) HOT 1
- To use ratproxy to scan an application url not hosted in the localhost HOT 1
- Support client certificate authentication HOT 1
- SSL Key File not loaded if ratproxy is not started from the default folder HOT 2
- ratproxy-report.sh TODO: Use standalone stylesheets to conserve bytes.
- Scheduling a scan in ratproxy HOT 1
- Sniffed MIME type "application_javascript" instead of "application/javascript" HOT 1
- Unrecognized Certificate Authority HOT 2
- test 1234 HOT 1
- Hardcoded web-server ports HOT 5
- open forms from reports in new window HOT 1
- memory corruption HOT 2
- Report risk and risk modifier designations HOT 2
- ratproxy.c:1635: error: incompatible type for argument 2 of `waitpid' HOT 13
- ratproxy-report.sh: line 29: $'\r': command not found HOT 1
- cannot bind to port [listen_loop(), ratproxy.c:1618] HOT 1
- Google Code closing
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ratproxy.