Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: insecure elements in https protected pages

From: John Adams <jna () retina net>
Date: Sun, 18 Oct 2009 15:08:08 -0700
Any request on that page that is in http is an insecure element.  
Mixing HTTP and HTTPS on the same page is insecure as the credentials,  
cookies or other identifying data would be sent in the clear to the  
HTTP server.

Install FireBug and watch what pages are loaded, or manually go  
through the HTML and move all page elements over to SSL.


-j

On Oct 18, 2009, at 3:03 PM, Mohammad Hosein wrote:


in a certain web application e.g gmail there are times the whole  
communication is secured by ssl and sometimes "there are insecure  
elements" that raise questions . i'm not a web professional . how to  
find these insecure elements ? and how to evaluate if these elements  
are the results of a successful man in the middle attack or not ?

regards
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: