Penetration Testing mailing list archives

Re: [PEN-TEST] Scanning through SSL proxies.

From: Mordechai Ovits <movits () OVITS NET>
Date: Mon, 18 Sep 2000 12:13:53 -0400

On Sat, Sep 16, 2000 at 05:48:41PM -0700, matt lind wrote:

 SSl proxing can be done through a combination of techniques. First connect to the target machine using stunnel or 
some similar app. Next use a port redirector on you local machine to funnel any port 80 traffic through the stunnel'd 
port.
cha ching. security? hmm. i don't think so.
--


Yup, stunnel is *excellent*.  It can do alot more than simple proxying.  For
example, it can do certifcate checking, even for client-side certs.

On Fri, 8 Sep 2000 09:24:01
 van Eeden, Stieler wrote:

Since everybody is starting to realise that SSL is a more secure protocol
than HTTP


Argh!  HTTP runs *over* SSL.  It's not /better/ than it!

Mordy

Current thread:

[PEN-TEST] Scanning through SSL proxies. van Eeden, Stieler (Sep 08)
- <Possible follow-ups>
- Re: [PEN-TEST] Scanning through SSL proxies. Chris Romeo (Sep 08)
- Re: [PEN-TEST] Scanning through SSL proxies. matt lind (Sep 18)
  - Re: [PEN-TEST] Scanning through SSL proxies. Mordechai Ovits (Sep 18)