Re: Fortigate Bypass

["Eddie Bell" <ejlbell () gmail com>]

On 20/07/06, Louis Wang <bill.louis () gmail com> wrote:
> hi there
> https is born to make connection keep secret between two peers.
> Only the two end of a connection can see the clear text, gateways and
> router can not see clear text. so technically, Fortigate or other
> gateways can not deal with https content text.

Technically it is not hard to do, the gateway just needs to accept
https connection and reply with its own certificate, which has been
added to all the browser behind the gateway. Then forward the https
request to the correct site. Its a legitimate man-in-the-middle
attack.

 And more, if FortiGate
> can know your https connect content, FortiGate administartor can see
> your credit card account and password when you logon bank website
> throught FortiGate by https, would you like to see this thing? :)

If you do not trust the adminstration then you should not be using
your credit card. Watching http sessions is not a big deal compared to
some of the things the admins have power to do. If they wanted to
comprimise your privacy they have many choices

- ejlb