I need to know; so if you have a doc that shows I am wrong about how FF3
encrypts the data, then, with all due respect and a hallelujah, it would
be appreciated.
Anthony Pace wrote:
This is for a man in the middle attack where the attacker I
theoretically wouldn't know the keys that the client and the server
are exchanging.
A proxy would only be able to monitor the stream, but it would not be
able to decypher the data unless the handshake was faulty or the keys
were small enough to break; however, if you know different, and I
really mean it, if my logic is screwed and I need to know, please tell
me.
Thanks,
Anthony
Dave Watts wrote:
I know I could create a proxy and run a filter on each request; yet,
this
would not allow me to modify the request before FF3 encrypts it.
Yes it will. The proxy would serve as the SSL endpoint. Paros proxy
does this quite easily, and there's plenty of documentation out there
on how to use it, last I looked.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Fig Leaf Software provides the highest caliber vendor-authorized
instruction at our training centers in Washington DC, Atlanta,
Chicago, Baltimore, Northern Virginia, or on-site at your location.
Visit http://training.figleaf.com/ for more information!
_______________________________________________
Flashcoders mailing list
[email protected]
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
_______________________________________________
Flashcoders mailing list
[email protected]
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
_______________________________________________
Flashcoders mailing list
[email protected]
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
