WebApp Sec: Re: Client script access to server cert info

Re: Client script access to server cert info

From: Jon Pastore <jpastore_at_idetech.net>
Date: Wed, 16 Apr 2003 07:17:42 -0400

Can you recommend one for Perl? CPAN wasn't playing nice when I did a search
earlier...I have an intranet application I sell based on Perl that it would
be nice if we could make sure it only runs on the computer it was told to.
and being able to analyze the cert would be nice...

-Jon
----- Original Message -----
From: "Maupin, Tony" <Tony.Maupin_at_integris-health.com>
To: "'Brass, Phil (ISS Atlanta)'" <PBrass_at_iss.net>;
<webappsec_at_securityfocus.com>
Sent: Monday, April 14, 2003 9:55 AM
Subject: RE: Client script access to server cert info

> What you're looking for is called a "certificate parsing module". Do a
> search on that term and/or add open source to the search depending on what
> you're looking for. It will do everything you are asking and more.
>
> Tony Maupin
>
> -----Original Message-----
> From: Brass, Phil (ISS Atlanta) [mailto:PBrass_at_iss.net]
> Sent: Sunday, April 13, 2003 11:21 PM
> To: webappsec_at_securityfocus.com
> Subject: RE: Client script access to server cert info
>
>
> To clarify, what I'm looking for is a way for script on a page to access
> the server certificate information used during the SSL connection over
> which the page was provided. I.e. if Alice requests a page from
> bob.com, but the bob.com server returns a certificate that actually says
> mallory.com, and Alice presses "OK" when prompted about the discrepancy,
> it would be nice if there was a way to detect this using script that ran
> in the browser. I'm trying to find out if anybody knows of any
> browser/DOM/DHTML objects that contain a description (signing chain, CN,
> fingerprint, whatever) of the actual server certificate information
> presented during the SSL handshake.
>
> Phil
>
> > -----Original Message-----
> > From: Brass, Phil (ISS Atlanta)
> > Sent: Sunday, April 13, 2003 11:51 PM
> > To: webappsec_at_securityfocus.com
> > Subject: Client script access to server cert info
> >
> >
> > Does anybody know if there is a way to access the server
> > certificate information in client-side script in a web browser?
> >
> > Thanks!
> >
> > Phil
> >
>
Received on Apr 16 2003
