SSL MITM attacks
I have come in contact with a few rather draconian firewalls, and this has sufficiently motivated me to set up SSH over HTTPS (including a patched version of Apache to allow the use of SSL), which should traverse even the most draconian layer-7 firewalls.
Or so I thought.
Can anyone tell me how products like these work? Or if they work at all?
The only thing I can think of is some kind of man-in-the-middle attack, but certainly validating the certificate should prevent something like that from working. Problem is, proxytunnel appears not to do this, so I was curious if my SSL traffic was not as undetectable as I thought.
Or so I thought.
Can anyone tell me how products like these work? Or if they work at all?
The only thing I can think of is some kind of man-in-the-middle attack, but certainly validating the certificate should prevent something like that from working. Problem is, proxytunnel appears not to do this, so I was curious if my SSL traffic was not as undetectable as I thought.
