[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SSL Man-in-the-middle
Jeff - there are two ways to get the document information right (or wrong).
The first approach is to use redirects to point the client back at the
original server once you've grabbed whatever info you want for the
request. Redirects from https -> https don't trigger a warning box. You
may need to rewrite the URL slightly to prevent loop detection (stick a .
at the end of the hostname, or add a port, etc.
The second approach is to only intercept requests for inline images.
These don't affect the document information window, and give you full
access to the whole request, which may have user authentication information
associated with it, in the URL or in header fields. Image requess can be
identified reliably through simple traffic analysis.
Simon
Contract with America - Explained! |Phone: +44-81-500-3000
Contract: verb |Mail: [email protected]
1) To shrink or reduce in size - the economy contracted +-----------------------
2) To become infected -My baby contracted pneumonia when they stopped my welfare