SSL Man-in-the-middle
Simon Spero
ses at tipper.oit.unc.edu
Tue Sep 26 06:32:16 PDT 1995
Jeff - there are two ways to get the document information right (or wrong).
The first approach is to use redirects to point the client back at the
original server once you've grabbed whatever info you want for the
request. Redirects from https -> https don't trigger a warning box. You
may need to rewrite the URL slightly to prevent loop detection (stick a .
at the end of the hostname, or add a port, etc.).
The second approach is to only intercept requests for inline images.
These don't affect the document information window, and give you full
access to the whole request, which may have user authentication information
associated with it, in the URL or in header fields. Image requests can be
identified reliably through simple traffic analysis.
Simon
Contract with America - Explained! |Phone: +44-81-500-3000
Contract: verb |Mail: ses at unc.edu
1) To shrink or reduce in size - the economy contracted +-----------------------
2) To become infected -My baby contracted pneumonia when they stopped my welfare
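
The first approach above relies on the rewritten URL (trailing dot on the hostname, explicit port) looking different to a string comparison while naming the same resource. The following is an added example for defenders, not part of the original message: a check over a recorded redirect chain that flags hops whose target is the source respelled. The function names and the example.com URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def canonical(url):
    """Reduce a URL to (scheme, host, port, path, query) with cosmetic
    differences removed: host case, trailing dot, explicit default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    # .hostname is already lower-cased; a trailing dot names the same host
    host = (parts.hostname or "").rstrip(".")
    port = parts.port or DEFAULT_PORTS.get(scheme)
    path = parts.path or "/"
    return (scheme, host, port, path, parts.query)

def cosmetic_hops(chain):
    """Return (src, dst) pairs where a redirect points at the same resource
    it came from, spelled differently. A raw string comparison, as in a
    simple loop detector, treats these as distinct URLs."""
    flagged = []
    for src, dst in zip(chain, chain[1:]):
        if src != dst and canonical(src) == canonical(dst):
            flagged.append((src, dst))
    return flagged

# Constructed redirect chains, as a proxy or client log might record them.
SAMPLE_CHAINS = {
    "trailing_dot": ["https://shop.example.com/cart?id=7",
                     "https://shop.example.com./cart?id=7"],
    "explicit_port": ["https://shop.example.com/cart?id=7",
                      "https://shop.example.com:443/cart?id=7"],
    "ordinary": ["https://shop.example.com/cart",
                 "https://shop.example.com/login"],
}

if __name__ == "__main__":
    for name, chain in SAMPLE_CHAINS.items():
        print(name, cosmetic_hops(chain))
```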