WebApp Sec mailing list archives

RE: Evading Client-Certificate Authentication


From: "Rob Shein" <shoten () starpower net>
Date: Thu, 1 Apr 2004 15:04:17 -0500

Might you be able to find a copy of the certificate on another system?  I
don't know what the scope of work includes as fair game in the test, but if
you could get at a laptop and pull the cert, you'd be in.  Outside of that,
or social engineering to accomplish the same end objective, I don't see a
way past this.

Whilst in the middle of a Penetration Test I stumbled on a
web server only serving SSL and demanding the client to
present a certificate to identify himself. I tried to nikto
it with sslproxy and browse the site thru paros both with a
temporary Verisign personal certificate. No such luck, the
server keeps bouncing me off. Even vulnerability scanners
like Nessus and Retina don't get past the port-scan portion.

