Penetration Testing mailing list archives
Re: HTTPS proxy tool that resigns SSL certs
From: Tobias Glemser <tglemser () tele-consulting com>
Date: Thu, 01 Jun 2006 11:39:44 +0200
One2,what do you mean with "reassign"? If you mean you want to use the original certificate or another "trusted" certificate, you should first understand how certficates work. To "reassign" you would have to have access to the private key of the original certificate (or access to a CA accepted by most browser to generate your very own certificate..).
Maybe this (http://en.wikipedia.org/wiki/Public-key_cryptography) is a tiny lectrue to start at.
Cheers, Toby one2 () onetwo com schrieb:
Hi,Does anyone know of an HTTPS proxy tool that will let you resign SSL certificates when doing a MITM attack? Thanks, One2 ------------------------------------------------------------------------------ This List Sponsored by: CenzicConcerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.------------------------------------------------------------------------------
------------------------------------------------------------------------------ This List Sponsored by: CenzicConcerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------
Current thread:
- Re: HTTPS proxy tool that resigns SSL certs Rogan Dawes (Jun 01)
- <Possible follow-ups>
- Re: HTTPS proxy tool that resigns SSL certs Robert BARABAS (Jun 01)
- Re: HTTPS proxy tool that resigns SSL certs Tobias Glemser (Jun 01)
- Re: HTTPS proxy tool that resigns SSL certs Huzeyfe Onal (Jun 02)
- Re: HTTPS proxy tool that resigns SSL certs Phil Frederick (Jun 05)
- Re: HTTPS proxy tool that resigns SSL certs Rogan Dawes (Jun 06)
- Re: HTTPS proxy tool that resigns SSL certs Phil Frederick (Jun 05)
- RE: HTTPS proxy tool that resigns SSL certs Steve Abatangle (Jun 06)
- Re: HTTPS proxy tool that resigns SSL certs Nathan Keltner (Jun 06)
- Re: Re: HTTPS proxy tool that resigns SSL certs one2 (Jun 06)
- Re: HTTPS proxy tool that resigns SSL certs Rogan Dawes (Jun 07)
- RE: HTTPS proxy tool that resigns SSL certs Ritesh Rekhi (Jun 08)
- Re: HTTPS proxy tool that resigns SSL certs silentw (Jun 08)
- Re: HTTPS proxy tool that resigns SSL certs Rogan Dawes (Jun 09)
- Re: HTTPS proxy tool that resigns SSL certs Rogan Dawes (Jun 07)