Hey, What exactly do you mean by proof of concept for such an attack? With commodity hardware and normal budget you cannot attack pinned certificate. The only "efficient" way to enable such an attack would be to patch the client side OS memory or Binary.
The are other attacks like downgrading from a secure version of TLS\SSL into a non secure one but all these attacks probably do not exist in applications which pin certificates in their binaries. Eliezer * If someone else know more then me about the subject just ignore my words and listen to the experts. ---- Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il -----Original Message----- From: squid-dev [mailto:squid-dev-boun...@lists.squid-cache.org] On Behalf Of stern0m1 Sent: Wednesday, September 27, 2017 18:25 To: squid-dev@lists.squid-cache.org Subject: [squid-dev] proof of concept for mitm attack for all ssl including pinned certificates Hi, I am new to squid, please pardon me if this has already been discussed. Is there a proof of concept somewhere to successfully use squid as a transparent proxy for a mitm attack for sites/applications with pinned a pinned certificate? Thanks -- Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Development-f1042840.html _______________________________________________ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev _______________________________________________ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev
