RE: Evading Client-Certificate Authentication
From: "Rob Shein" <shoten () starpower net>
Date: Thu, 1 Apr 2004 15:04:17 -0500
Might you be able to find a copy of the certificate on another system? I
don't know what the scope of work includes as fair game in the test, but if
you could get at a laptop and pull the cert, you'd be in. Outside of that,
or social engineering to accomplish the same end objective, I don't see a
way past this.

Whilst in the middle of a Penetration Test I stumbled on a
web server only serving SSL and demanding the client to
present a certificate to identify himself. I tried to nikto
it with sslproxy and browse the site thru paros both with a
temporary Verisign personal certificate. No such luck, the
server keeps bouncing me off. Even vulnerability scanners
like Nessus and Retina don't get past the port-scan portion.