Nelson B wrote: > Umesh Bywar wrote: > >> I am trying to write a man-in-the-middle proxy as an extension to >> mozilla. This proxy is basically supposed to intercept HTTP/HTTPS >> requests, parse them and forward them to the appropriate server. > > This is a profoundly bad idea. It has serious security vulnerability > implications for the user (all such MITM proxies do). If you're trying > to help the user, the way to do it is to do it IN the browser at the > point where the user clicks the link/button that starts the submission, > before the https request is initiated and sent.
I will add that IF an MITM proxy were to be offered to mozilla as an extension to be hosted on addons.mozilla.org, I would vigorously oppose it. -- Nelson B _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
