WCF SSL Validation

[Dave Aitel <dave () immunityinc com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So I'm doing an application assessment of a .Net 3.0 app that uses WCF a 
lot. I learned a lot of random things about Windows while reading up for 
it - they put http.sys into XP SP2, for example. I didn't realize that 
had gotten back-ported. Also the WCF .Net API does not treat 
certificates the same way that IE7 does. You can have a certificate 
imported into IE and then browse nicely through SPIKE Proxy but still 
have WCF requests fail with SSL validation errors. This is a pain but 
there's no way to bypass it that I can figure out.

Today the plan is to bypass the need for SSL MITM by using Immunity 
Debugger to hook the http request API and modify it on the fly the way 
JMS usually does.

- -dave

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHzqJ0tehAhL0gheoRAiTQAJ96S0kv0OG0GOu8RuDiBjX3UveqRQCeL25W
67e1M7T+GdnrCeUlTDmlFD8=
=aLCb
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave