Re: Canadian census snake oil...

Paul Rubin wrote:
The stuff passing through the proxy is ciphertext.

Oops. I thought there was a design where you make an HTTP/HTTPS connection to the proxy (and verify its certificate) and the proxy makes an independent HTTPS connection to the remote host (and verifies its certificate). Fine and even useful if you trust the proxy. But I guess I'm wrong and this kind of proxy doesn't exist at all.

-- Ben
.

Relevant Pages

  • Re: Preventing tunnels through HTTPS proxies
    ... The client is given a Certificate signed by the proxy that ... who then will present its certificate to the ... proxy (now becoming the client). ... Next step is a redirect to the main requested website, i prefer use HTTP ...
    (Security-Basics)
  • Re: HTTPS proxy tool that resigns SSL certs
    ... > Does anyone know of an HTTPS proxy tool that will let you resign SSL> certificates when doing a MITM attack? ... but this will still pop up a certificate warning. ... > client end network - DNS, routing, etc... ...
    (Pen-Test)
  • Re: Save from Proxy
    ... that is going via proxy I doubt this because number of times when I ... certificates or what soever be ... outside of the untrusted network, but becomes invalid, as soon as you ... this is a clear sign that the administrators are replacing it. ...
    (comp.os.linux.security)
  • Re: ISA2006 (No SP1) Single NIC Workgroup DMZ Client Certificate Auth
    ... You can't "proxy" a certificate. ... You'll have to use Server Publishing for this site if you insist on cert ...
    (microsoft.public.isa)
  • RE: SSL MITM not on port 443
    ... Unfortunately i've already tried to use Paros as a MITM proxy for the ... However I need to replace the normal Paros certificate with one ... seem to function for the connection, and Ettercap seems to ignore the ... Try pointing the application to a MITM proxy like Paros ...
    (Pen-Test)