I was recently pointed to the app ettercap (http://ettercap.sourceforge.net/), which claims (among other things):
"HTTPS support : you can sniff http SSL secured data... and even if the connection is made through a PROXY" Google yielded this info: http://lists.debian.org/debian-security/2001/debian-security-200109/msg00060 .html but I'm still not clear on what exactly is going on. From what I gather, the ettercap box will serve as a go-between for all traffic between server and client, and the client will get some kind of an error about the key changing, and if the user chooses to continue the transaction, there's nothing more that can be done. Does anyone know anything more about this program, or how serious a threat this is? Has anyone ever actually had an SSL session intercepted with this? It looks like the app has been out for a while so maybe this has been discussed before, but it's new to me, and any info would be appreciated.
