I've been looking for a mechanism by which to validate XSS or SQLi issues with older browsers on current testing systems (2003, 2008, Vista, or Win7) .
I've come across these two potential options:
I'm wondering if anyone has experience with either? Good or bad? Also, specifically for IETester I'm wondering if anyone has used it and bothered to fire up ettercap or wireshark to see if it does any "phoning home" with data it shouldn't etc
Edit: To be clear I did do some checking with IETester this morning and wireshark and didn't find it sending out any traffic I did not expect. I'm still open to feedback on any aspect of the tool(s) from anyone though.