https proxy
Paul Rubin
http
Tue Jul 27 18:04:39 EDT 2004
More information about the Python-list mailing list
Tue Jul 27 18:04:39 EDT 2004
- Previous message (by thread): https proxy
- Next message (by thread): https proxy
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
"Paul Sweeney" <reverse.ku.oc.issolok at nothypgnal.delrest.co.uk> writes: > I wish to access an https:// site using my browser and click around > it. I wish to see the http(s) GET urls and http(s) POST urls and > data which are being sent to the https server. If the site were an > http:// site I would use a tool like ethereal to see what was going > on, but this data is sent encrypted from the browser due to the > https connection, so I'll just see the encrypted data. So I need a > tool to view the unencrypted form of the data which is being sent > encrypted (sorry for being unclear about the "unecrypted data" in my > last post, I hope this is better). You could do that but I don't know of already-existing Python code that does it. Basically it would be a man-in-the-middle attack against the browser/server pair: browser---(SSL)---proxy---(SSL)---server There'd be two separate SSL sessions and the proxy would of course have to present its own server certificate to the browser, which you'd configure the browser to accept. The server application could take various measures to detect this subterfuge and stop it from happening, but I doubt any normal server apps actually bother to do that. It's not a true security break, since the browser user has to accept the proxy certificate, thereby giving "permission" for the interception.
- Previous message (by thread): https proxy
- Next message (by thread): https proxy
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-list mailing list