Penetration Testing mailing list archives
Re: looking for a HTTPS redirect tool
From: Haroon Meer <haroon () sensepost com>
Date: Tue, 24 May 2005 08:51:29 +0200
Hi.. You can achieve the SSL relay using sslproxy or stunnel.You client is still going to get an SSL-error pop-up but im guessing you are ok with that..
To edit the stream before passing it to the server (assuming the server is also SSL) you are going to need to string together a few ssl proxies/stunnels on your own machine.. so you have
--- request --> (443) your-sslproxy[ssl to clear-text] --> (80) your ssl-proxy[clear text to ssl] --> (443) original-server
This way the request/response will pass through your port 80 in the clear and you can use tools like net-sed to edit the stream..
/mh Rajeev Kapoor wrote:
i am looking for a HTTPS redirect tool, not a proxy.i need to test a web based application, it communicates via port 443 only and doesnot have option of specifying the proxy server, only server ip address can be given.i want a redirect tool that will accept connections onssl and forward it to the web server, it should itself act like a web server not a proxy server. i could have achived it via Cain arp posioning but i need to edit the data alsoanybody know of such tool? thanks, rajeevDiscover Yahoo! Find restaurants, movies, travel and more fun for the weekend. Check it out! http://discover.yahoo.com/weekend.html
-- ====================================================================== Haroon Meer MH SensePost Information Security +27 83786 6637 PGP : http://www.sensepost.com/pgp/haroon.txt haroon () sensepost com ======================================================================
Current thread:
- looking for a HTTPS redirect tool Rajeev Kapoor (May 23)
- Re: looking for a HTTPS redirect tool Haroon Meer (May 24)
- Re: looking for a HTTPS redirect tool Diego Kellner (May 24)
- Re: looking for a HTTPS redirect tool Martin Mačok (May 24)
- Re: looking for a HTTPS redirect tool jkowall (May 24)
- Re: looking for a HTTPS redirect tool Rogan Dawes (May 31)
- <Possible follow-ups>
- RE: looking for a HTTPS redirect tool Harry Penner (May 24)
- Re: looking for a HTTPS redirect tool Roman Medina-Heigl Hernandez (May 24)