Dailydave mailing list archives
Re: SSL MITM fun.
From: Berend-Jan Wever <berendjanwever () gmail com>
Date: Thu, 19 Feb 2009 22:42:39 +0100
On Thu, Feb 19, 2009 at 7:04 PM, Dan Moniz <dnm () pobox com> wrote:
On Thu, Feb 19, 2009 at 12:07 PM, Dave Aitel <dave () immunityinc com> wrote:1. Register a .cn address and use unicode character for / and ? to have HTTPS://www.paypal.com/?domain.cn?<some args> validateUnless I'm missing something, this is essentially what Eric Johanson said in 2005 about IDN: http://www.shmoo.com/idn/homograph.txt
If you have access, have a look at https://bugzilla.mozilla.org/show_bug.cgi?id=441811 _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- SSL MITM fun., (continued)
- Message not available
- SSL MITM fun. Dan Moniz (Feb 19)
- Re: SSL MITM fun. Alexander Sotirov (Feb 19)
- Re: SSL MITM fun. Dan Moniz (Feb 19)
- Re: SSL MITM fun. Chris Weber (Feb 20)
- Re: SSL MITM fun. Michal Zalewski (Feb 20)
- Re: SSL MITM fun. Alexander Sotirov (Feb 20)
- Re: SSL MITM fun. Michal Zalewski (Feb 20)
- Re: SSL MITM fun. Robert Święcki (Feb 20)
- Message not available
- Re: SSL MITM fun. Michal Zalewski (Feb 20)
- Message not available
- Re: SSL MITM fun. Michal Zalewski (Feb 19)
- Re: SSL MITM fun. Berend-Jan Wever (Feb 19)
- Re: SSL MITM fun. Fyodor (Feb 19)
- Re: SSL MITM fun. Richard Bejtlich (Feb 20)
- Re: SSL MITM fun. jmoss (Feb 24)
- Re: SSL MITM fun. Dragos Ruiu (Feb 19)