Penetration Testing mailing list archives
Re: MS crypto API based ssl proxy??
From: Shashank Rai <shashrai () emirates net ae>
Date: Wed, 07 Jan 2004 07:37:11 +0400
It maybe uses the Micro$oft NTLM authentication scheme - or similar. What does a packet sniffer tell you, what happens? Bye Volker Tanger ITK-Security
It is nothing to do with NTLM auth (or for that matter basic auth). When i browse the site using IE, i am prompted to provide the user certificate. Running stunnel/sslproxy in debug mode clearly show the server requesting the client certificate. Packet sniffer is good only to the extent of showing me TLS v1 hand shake (and ofcourse the remaining conversation is encrypted). I belive the site is M$ specific, 'coz, sslproxy/stunnel manage to complete the SSL handshake, and open a connection to the server. But the moment i send a "GET / HTTP/1.0" request, the connection is closed from the server end, stating that the client certificate i provided is not valid (the certificate had been exported from IE, along with the private key). Hence the conclusion that the calls made to check the validity of the certificate are someway M$ specific!!! (as stated in my original post) Thanks anyway :) cheers, -- shashank <-- Here is the Packet that was fragmented and has been assembled again. (with apologies to JRR Tolkien :) --> --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- MS crypto API based ssl proxy?? Shashank Rai (Jan 06)
- Re: MS crypto API based ssl proxy?? Volker Tanger (Jan 06)
- Re: MS crypto API based ssl proxy?? Shashank Rai (Jan 07)
- <Possible follow-ups>
- RE: MS crypto API based ssl proxy?? Shashank Rai (Jan 07)
- Re: MS crypto API based ssl proxy?? Shade (Jan 07)
- RE: MS crypto API based ssl proxy?? Brewis, Mark (Jan 07)
- RE: MS crypto API based ssl proxy?? Gaziel, Avishay (Jan 07)
- Re: MS crypto API based ssl proxy?? Volker Tanger (Jan 06)