Penetration Testing mailing list archives
Re: [PEN-TEST] Scanning through SSL proxies.
From: Mordechai Ovits <movits () OVITS NET>
Date: Mon, 18 Sep 2000 12:13:53 -0400
On Sat, Sep 16, 2000 at 05:48:41PM -0700, matt lind wrote:
SSl proxing can be done through a combination of techniques. First connect to the target machine using stunnel or some similar app. Next use a port redirector on you local machine to funnel any port 80 traffic through the stunnel'd port. cha ching. security? hmm. i don't think so. --
Yup, stunnel is *excellent*. It can do alot more than simple proxying. For example, it can do certifcate checking, even for client-side certs.
On Fri, 8 Sep 2000 09:24:01 van Eeden, Stieler wrote:Since everybody is starting to realise that SSL is a more secure protocol than HTTP
Argh! HTTP runs *over* SSL. It's not /better/ than it! Mordy
Current thread:
- [PEN-TEST] Scanning through SSL proxies. van Eeden, Stieler (Sep 08)
- <Possible follow-ups>
- Re: [PEN-TEST] Scanning through SSL proxies. Chris Romeo (Sep 08)
- Re: [PEN-TEST] Scanning through SSL proxies. matt lind (Sep 18)
- Re: [PEN-TEST] Scanning through SSL proxies. Mordechai Ovits (Sep 18)