Site security sniffer?

XML, Perl, Python, and other languages can be discussed here, even if it isn't PHP (We might forgive you).

Moderator: General Moderators

Post Reply
User avatar
mikusan
Forum Contributor
Posts: 247
Joined: Thu May 01, 2003 1:48 pm

Site security sniffer?

Post by mikusan »

Hi, could anyone suggest to me any utility i can use to test the security of my site? I am looking for a sniffer that will allow me to monitor my site and see all the requests. I would like to track other people entering on my site and plugging in their username and password. (That is just an example as my passwords are encrypted). I also want to see if i have to make more changes to my session handler to see if my sessions are easy to hijack. It will also come into use as i am planning to start using a shopping cart and i want to see first hand how things work behind the scenes.

Thanks.
qartis
Forum Contributor
Posts: 271
Joined: Sat Dec 14, 2002 4:43 pm
Location: BC, Canada
Contact:

Post by qartis »

ethereal is THE packet sniffer, just make sure you use it solely for your own documents and requests, or (in the continetal states, anyway) you could go to jail.
User avatar
mikusan
Forum Contributor
Posts: 247
Joined: Thu May 01, 2003 1:48 pm

Post by mikusan »

Well i would have to install it on my server, which means somehting different. If nobody else can intercept packets going from my machine to the server, including encrypted/unencrypted data then im good. But if there is a way to intercept i would like ot know it so that i can protect my site agianst it. Ethereal, perhaps i dunno how to use it, but nobody can install it on my server unless it's me. I am looking at something someone would use to intercept packets that are not destined to him per se.

I am afraid i will have to rewrite my sesion handler but i would like to see in person what is the best way i can secure my sessions, with my own eyes you know... get into the enemy's shoes :)
Post Reply