WebApp Sec: RE: Evading Client-Certificate Authentication

["Rob Shein" <shoten () starpower net>]

Might you be able to find a copy of the certificate on another system?  I
don't know what the scope of work includes as fair game in the test, but if
you could get at a laptop and pull the cert, you'd be in.  Outside of that,
or social engineering to accomplish the same end objective, I don't see a
way past this.

> whilst in the middle of a Penetration Test I stumbled on a 
> web server only serving SSL and demanding the client to 
> present a certificate to identify himself. I tried to nikto 
> it with sslproxy and browse the site thru paros both with a 
> temporary Verisign personal certificate. No such luck, the 
> server keeps bouncing me off. Even vulnerability scanners 
> like Nessus and Retina don't get passed the port-scan portion.