posted in Tools & sources on Aug 18th, 2012
What is HTTPSReverseProxy? HTTPSReverseProxy is an HTTPS reverse proxy server written in C#. When started, it listens on the regular HTTPS port (443), waits for incoming requests and forwards them to the server named in the Host header of the HTTP request. But instead of just forwarding requests it is also possible [...]
posted in Reading material, Stuff on Nov 8th, 2009
This is the document with the proof of concept which explains the attack on the SSL/TLS reconnect vulnerability. It allows data to be injected into the encrypted data stream, often without detection by either end of the connection. I normally don’t publish exploit code because of its short time value. But this one is rather special. [...]
posted in External tools, Tools & sources on Aug 11th, 2009
At BlackHat DC 2009, Moxie Marlinspike demonstrated how to subvert HTTPS with SSLStrip. SSLStrip intercepts HTTP traffic, watches for HTTPS links inside the data stream and maps these HTTPS links to HTTP. Whenever a victim clicks on such a mapped HTTPS link, SSLStrip will notice it and act as an HTTP2HTTPS proxy server. All the [...]