This is for a man in the middle attack where the attacker I
theoretically wouldn't know the keys that the client and the server are
exchanging.
A proxy would only be able to monitor the stream, but it would not be
able to decypher the data unless the handshake was faulty or the keys
were small enough to break; however, if you know different, and I really
mean it, if my logic is screwed and I need to know, please tell me.
Thanks,
Anthony
Dave Watts wrote:
I know I could create a proxy and run a filter on each request; yet, this
would not allow me to modify the request before FF3 encrypts it.
Yes it will. The proxy would serve as the SSL endpoint. Paros proxy
does this quite easily, and there's plenty of documentation out there
on how to use it, last I looked.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!
_______________________________________________
Flashcoders mailing list
[email protected]
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
_______________________________________________
Flashcoders mailing list
[email protected]
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
