Hi, On Tue, 12 Apr 2005 14:23:58 +0200 Antoine <[EMAIL PROTECTED]> wrote:
> btw, it is in https, but seeing as it is my browser I want to spy on, > isn't that OK? technically, it is not. You could intercept network traffic at the link level and even simulate the remote host and its correct address but you'd need to gain the key and cert of the remote server to make your solution fully transparent. Usually, you don't have the key. If it's not intended to be fully transparent, it's no problem to use any custom certificate for that or even do https only from proxy to remote server and use plain http to the proxy. Simple network sniffers won't work here, the traffic would be encrypted. Seems that "ssldump" can do the fully transparent decryption of ssl connections. For the proxy-solution with a new certificate have a look at the famous "dsniff" package and read about "webmitm". This will be of interest: http://monkey.org/~dugsong/dsniff/faq.html#How%20do%20I%20sniff%20/%20hijack%20HTTPS%20/%20SSH%20connections HWH -- [email protected] mailing list
