https proxy

Paul Sweeney reverse.ku.oc.issolok at nothypgnal.delrest.co.uk
Tue Jul 27 17:56:03 CEST 2004


Simon Dahlbacka wrote:
> hmm, I thought the _purpose_ of using https was to make it relatively
> impossible to view the unencrypted data being the "man in the middle"..

It's certainly not impossible, there are tools like Paros for java which do
the job, the browser sets up an http connection with the proxy (using the
proxy's built in certificate), and the proxy then sets up an https
connection with the destination server, but the data is unencrypted in the
proxy before being re-encrypted to send to the destination server.

What is (virtually) impossible is to intercept and do a "man in the middle"
attack on an existing connect.  I don't want to intercept stuff on the net,
just see what the browser on my machine is sending/receiving

HTH :-)






More information about the Python-list mailing list