Site security sniffer?

Posted: Sun Aug 03, 2003 6:47 pm
by mikusan
Hi, could anyone suggest to me any utility I can use to test the security of my site? I am looking for a sniffer that will allow me to monitor my site and see all the requests. I would like to track other people entering on my site and plugging in their username and password. (That is just an example as my passwords are encrypted). I also want to see if I have to make more changes to my session handler to see if my sessions are easy to hijack. It will also come into use as I am planning to start using a shopping cart and I want to see first hand how things work behind the scenes.

Thanks.

Posted: Sun Aug 03, 2003 9:09 pm
by qartis
Ethereal is THE packet sniffer, just make sure you use it solely for your own documents and requests, or (in the continental states, anyway) you could go to jail.

Posted: Mon Aug 04, 2003 8:56 am
by mikusan
Well I would have to install it on my server, which means something different. If nobody else can intercept packets going from my machine to the server, including encrypted/unencrypted data, then I'm good. But if there is a way to intercept I would like to know it so that I can protect my site against it. Ethereal, perhaps I dunno how to use it, but nobody can install it on my server unless it's me. I am looking at something someone would use to intercept packets that are not destined to him per se.

I am afraid I will have to rewrite my session handler but I would like to see in person what is the best way I can secure my sessions, with my own eyes you know... get into the enemy's shoes :)