A basic/newbie question on https.
- From: Harry <simonsharry@xxxxxxxxx>
- Date: Wed, 30 Jan 2008 17:55:22 -0800 (PST)
Hello,
Let's say, I can securely log into https://<URL> site using username
'u1' and password 'p1' from within a browser.
1. Is it possible to write a proxy
* that runs on my client machine,
* that the browser on the same client machine points to,
* that intercepts another username/password pair -- u2/p2 --
entered on the login page of the site and transforms it to u1/p1 so
that the user authentication can happen ?
Basically, what I'm trying to accomplish is temporarily allow a user
to log into https://<URL> without actually divulging the real username/
password (u1/p1). (I would validate u2/p2 within the above proxy so
that only the users I allow can access the site.)
This proxy could either be a stand-alone program, or a browser plugin.
I know https is a secure protocol; what I don't know is the point at
which the encryption occurs and whether or not this point is late
enough to allow interception from the browsing machine... whether a
browser would allow hooks / interception API without compromising the
motivations/goals of the https protocol.
2. Also, any recommendations for a 'good' open-source http proxy?
Muffin seems to be very old project. Proxomitron is superb but is not
opensource!
Many thanks in advance,
/HS
.
- Follow-Ups:
- Re: A basic/newbie question on https.
- From: Todd H.
- Re: A basic/newbie question on https.
- Prev by Date: Re: Software to wipe disk drives on servers and pc
- Next by Date: Re: erase mac hard drive
- Previous by thread: Software to wipe disk drives on servers and pc
- Next by thread: Re: A basic/newbie question on https.
- Index(es):
Relevant Pages
|
|
