Home page logo

pen-test logo Penetration Testing mailing list archives

MS crypto API based ssl proxy??
From: Shashank Rai <shashrai () emirates net ae>
Date: Tue, 06 Jan 2004 08:33:53 +0400


I am testing a web-site running on MS technology. The site requires the
client to authenticate using a user certificate.
The issues i am facing is that the way site has been designed it only
accepts request from IE (based on MS IIS SSL). Any attempt to use a tool
like sslproxy, stunnel, paros (to manipulate the requests) fails. In
fact, the site is not accessible using Netscape 7.1 (or Mozilla 1.5 or
firebrid 0.7 ... tried all of them just for the heck of it :) on
Windows. I believe the way the web-site has been configured, probably
the calls used to check the client certificate makes it MS specific
(this is just a hunch).

Is anyone out there aware of a ssl proxy based on MS crypto API (not to
mention, it should be capable of providing the server,a user
certificate)? .. will save me a lot of coding effort :)



Here is the Packet that was fragmented and has been assembled again.
                                       (with apologies to JRR Tolkien :)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]