Evading Client-Certificate Authentication
From: Kevin Vanhaelen (blowfish448_at_hotmail.com)
Date: 03/31/04
- Previous message: Imre Kertesz: "Re: Evading Client-Certificate Authentication"
- Next in thread: Imre Kertesz: "Re: Evading Client-Certificate Authentication"
- Reply: Imre Kertesz: "Re: Evading Client-Certificate Authentication"
- Reply: Jason: "Re: Evading Client-Certificate Authentication"
- Maybe reply: Brad Showalter: "Re: Evading Client-Certificate Authentication"
To: <pen-test@securityfocus.com>, <webappsec@securityfocus.com>
Date: Wed, 31 Mar 2004 22:43:56 +0200
Hi to all,
Whilst in the middle of a Penetration Test I stumbled on a web server only
serving SSL and demanding the client to present a certificate to identify
himself.
I tried to nikto it with sslproxy and browse the site through Paros, both
with a temporary Verisign personal certificate.
No such luck, the server keeps bouncing me off. Even vulnerability scanners
like Nessus and Retina don't get past the port-scan portion.
Does anyone have an idea to further assess this server? Am I looking at a
mission impossible here maybe?
Thanks,
~kevin