WebApp Sec mailing list archives

RE: [WEB SECURITY] Surf Jack - HTTPS will not save you


From: "Martin O'Neal" <martin.oneal () corsaire com>
Date: Mon, 11 Aug 2008 17:11:47 +0100


I couldn't see it mentioned in the paper or referenced material (but to
be fair, I didn't spend a lot of time looking :) but this works just as
well for sites that have no http server available at all (https only).
All that is required is a listening port; simply make your URI into
http://target:443 and the cookies are yours.

Martin...
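
An added example, not part of the message above or of the Surf Jack paper: a simplified model of the RFC 6265 cookie-matching rules that audits `Set-Cookie` headers and lists the cookies a browser would attach to a plaintext request aimed at the HTTPS port. The host name and header values are constructed sample data, and the function names are this example's own.

```python
from urllib.parse import urlsplit

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, attrs); attribute names lower-cased."""
    first, *rest = [p.strip() for p in header_value.split(";")]
    name, _, _value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs

def sent_to(url, set_by_host, attrs):
    """Would a browser attach this cookie to a request for url? (RFC 6265, simplified)"""
    u = urlsplit(url)
    host = u.hostname.lower()
    domain = attrs.get("domain", "").lstrip(".").lower()
    if domain:
        host_ok = host == domain or host.endswith("." + domain)
    else:
        host_ok = host == set_by_host.lower()  # host-only cookie
    cookie_path = attrs.get("path") or "/"
    req_path = u.path or "/"
    path_ok = (req_path == cookie_path
               or req_path.startswith(cookie_path.rstrip("/") + "/"))
    # The port never enters the decision: cookies are not isolated by port.
    # Only the Secure attribute ties a cookie to an encrypted channel.
    scheme_ok = u.scheme == "https" or "secure" not in attrs
    return host_ok and path_ok and scheme_ok

def exposed_cookies(set_by_host, set_cookie_headers, port=443):
    """Names of cookies that would travel in cleartext to http://host:port."""
    exposed = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        # Path scoping does not limit exposure, so test the cookie's own path.
        url = f"http://{set_by_host}:{port}{attrs.get('path') or '/'}"
        if sent_to(url, set_by_host, attrs):
            exposed.append(name)
    return exposed

# Constructed sample: headers as an HTTPS-only site might set them.
SAMPLE_HOST = "shop.example"
SAMPLE_HEADERS = [
    "SESSIONID=abc123; Path=/; HttpOnly",
    "AUTH=def456; Path=/; Secure; HttpOnly",
    "prefs=dark; Domain=.shop.example; Path=/",
    "cart=42; Path=/checkout",
]
if __name__ == "__main__":
    print(exposed_cookies(SAMPLE_HOST, SAMPLE_HEADERS))
```

Only the cookie carrying the `Secure` attribute is withheld; `HttpOnly` and `Path` make no difference to whether the cookie is sent over plaintext.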
