Posts

Showing posts from 2014

Man-in-the-middling SSL / TLS on Windows

"Is there a lock in the URL bar?" Funny how the proliferation of commercial CAs led to this question becoming the hallmark of Internet security circa 2001. I'll keep that rant for another day. Thumbs up to EFF and Mozilla for finally doing something about it.

When debugging issues with network connections or reverse engineering products, you might find the need to take the gloves off and find out exactly what an application is doing on the wire. You'll need a man in the middle.

Provided the application you're targeting uses a web protocol, you're in luck: there are heaps of web debugging proxies and tools you can use on any platform. If you have physical access to the network (i.e. a non-corporate environment), or you have a Linux machine on the network that IT security approves of, the conversation effectively ends here: use MITMproxy. Unfortunately I don't have either physical access or a Linux machine o...

Chaining through proxies

Proxies, whilst being useless against a determined attacker, provide a generic level of security against stupid malware. An in-line IPS is able to stop known malware, leaving the proxy to provide a layer of security through obscurity: Internet access is unavailable through the default gateway. Broadly, the ones I've had to deal with fall into two different categories: Forefront Threat Management Gateway, and something that smells like squid. If you're up against the former, the conversation pretty much ends here: you're going to be using cntlm. Cntlm is fantastic as a link in a proxy chain, dealing with most Unix tools not understanding how to auth against NTLM-based stuff. Even when they're NTLM-aware, Microsoft has a habit of changing the spec without telling anyone. A particular change from ISA 2006 to Forefront TMG broke a number of open-source apps (anything libcurl-based, I'm looking at you) that were previously NTLM auth compatible. This left me in a bit of a...