PerlMonks  

Re^2: HTTP::Proxy SSL Man in the middle

by morgon (Curate)
on Aug 20, 2010 at 02:16 UTC (#856165)


in reply to Re: HTTP::Proxy SSL Man in the middle
in thread HTTP::Proxy SSL Man in the middle

Something like this is actually done in big institutions.

Some years ago I did a project in a big bank in Switzerland.
Pretty much everybody there was using the "official" Internet Explorer. The funny thing was that when you used Firefox you got warnings on SSL-secured sites that the certificate did not match the domain name. In fact it turned out that their proxy just returned a self-signed certificate and the "official" Internet Explorer had been modified so that it would silently accept this certificate.

So in effect they had a man-in-the-middle with hardly anybody noticing it.

So if you want to do it yourself, the important thing is that you must be able to control the browser (and I assume that if you can force your users to use IE you're already halfway there).

And as an aside: Never trust the browsers that are rolled out by the IT-departments of big organisations.
