On Jul 13, 2012, at 11:07, Tim <[email protected]> wrote:
> This is complicated, but it's not that much more complicated than what > existing MitM tools, such as sslstrip, already do. Better. I'm fairly certain this entire attack could be automated/orchestrated with mitmproxy with close to zero code changes. Only "hard" part is the procurement of a ca that will work on the target or finding some "behind the firewall" app to target that already uses a self-signed/invalid cert the users are used to clicking through. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
