This is similar to ServiceCapture, Charles, Wireshark, etc., eh?  They are
'man-in-the-middle' tools.  They have to be installed and running on the PC
to intercept/view any http/https requests.

Tom, you are merely suggesting that it is possible that a user could have a
man-in-the-middle virus/proggy running unbeknownst to them?

DK

On Mon, Apr 28, 2008 at 11:13 AM, valdhor <[EMAIL PROTECTED]> wrote:

>   Hmmm - I will have to check out WebScarab.
>
>
> --- In flexcoders@yahoogroups.com, Tom Chiverton <[EMAIL PROTECTED]> wrote:
> >
> > On Monday 28 Apr 2008, valdhor wrote:
> > > We use SSL Encryption of the username and password as well as the data
> > > going over the wire.
> >
> > Uh huh.
> >
> > > Are you saying that it is trivial for someone to find out the source
> > > and destination of the encrypted SSL stream, grab this data off the
> > > wire and decrypt it?
> >
> > I'm saying I can, and have, used WebScarab (for instance) as an SSL
> > proxy, and been able to see the plain text of both request and response.
> > It's a free Java tool, and I've personally had it work on both WinXP
> > and SuSE Linux.
> >
> > --
> > Tom Chiverton
> > Helping to dynamically reinvent frictionless e-commerce
> > on: http://thefalken.livejournal.com



-- 
Douglas Knudsen
http://www.cubicleman.com
this is my signature, like it?
