RE: Firewalls & SSL

From: Paul Midian (paul.midian@insight.co.uk)
Date: 10/10/01 

Message-ID: <91FDB163EDE0D111BD200060084FA84275E7FB@HERBERT>
From: Paul Midian <paul.midian@insight.co.uk>
To: niumal weerasena <niumal@yahoo.com>, pen-test@securityfocus.com
Subject: RE: Firewalls & SSL
Date: Wed, 10 Oct 2001 19:58:28 +0100

>>
>> 3) How can I exploit secured (SSL) web server?
>>
>I would think the same way you would do a not secure one. For example,
>you can still attempt unicode exploits, wether it is https or not, just
>replace http by https. Unless they use authentication as well...

or use stunnel

------------Insight Consulting Limited--------------------------------
Insight Consulting Limited is a leading specialist provider of independent services in all aspects of information and communications security, business continuity and risk management from consultancy, implementation, testing and training to recruitment, research and outsourcing.
---------------------Disclaimer----------------------------------------
Internet communications are not secure and therefore Insight Consulting Limited does not accept legal responsibility for the contents of this message. Any views or opinions presented are solely those of the author and do not necessarily represent those of Insight Consulting Limited unless otherwise specifically stated. If this message is received by anyone other than the addressee, please notify the sender and then delete the message and any attachments from your computer.
-----------------------------------------------------------------------

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • Re: faster scans? (nmap)
    ... one host using nmap for syn scans in burst mode with the ... >>>This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: pen test help please asap
    ... > Machine A on client site makes a configurable encrypted OUTBOUND ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: ettercap help
    ... Anyways have never tried Ettercap for VNC. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • RE: CFM SQL injection
    ... You should better use union or alike get unauthorized data from the ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: ettercap help
    ... > I can get it to sniff telnet, ftp, pop, smb, but no vnc. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)