Re: SSL in asynchronous proxy

2007-08-21 Thread Eddy Nigg (StartCom Ltd.)
timeless wrote: > Nelson: please trust us. the product has specific design constraints. > This is a public mailing list. Archived and published by Google Groups. Perhaps a different channel of communication would be better... > the purpose is to allow for mozilla to sit between e.g. MSIE or > A

Re: SSL in asynchronous proxy

2007-08-21 Thread umesh
> Unfortunately umesh didn't explain exactly which path was taken. And > umesh didn't indicate if he used the NSS debug env vars to get extra > logging. Nor did umesh indicate if he had tried using ssltap in > conjunction with this, or using a mozilla as the client with it > configured w/ the NSS d

Re: SSL in asynchronous proxy

2007-08-21 Thread timeless
I wish umesh would reply in thread instead of randomly posting new threads. *grumble* On Aug 19, 5:04 am, Nelson B <[EMAIL PROTECTED]> wrote: > How do you plan to defeat the MITM detection in the products you intend > to attack? Do you plan to plant a bogus root CA cert in them? > If so, how do y

Re: SSL in asynchronous proxy

2007-08-21 Thread timeless
Nelson: please trust us. the product has specific design constraints. the purpose is to allow for mozilla to sit between e.g. MSIE or Acrobat Reader and a web server, analyze the stream and then do something based on it. The only way that this works is for MSIE or whatever to *install* a certific

Re: SSL in asynchronous proxy

2007-08-18 Thread Nelson B
Umesh Bywar wrote: > [...] my goal is a little different. I want to intercept requests from > different clients (and not just the mozilla browser). So this component is > a real proxy listening on some port for requests. How do you plan to defeat the MITM detection in the products you intend to att

Re: SSL in asynchronous proxy

2007-08-18 Thread Umesh Bywar
Hi Nelson: Thanks for your reply. But my goal is a little different. I want to intercept requests from different clients (and not just the mozilla browser). So this component is a real proxy listening on some port for requests. As far as the design is concerned, it may not be a good thin

Re: SSL in asynchronous proxy

2007-08-16 Thread Nelson Bolyard
Colin Blake wrote: > The use of the word "extension" in Umesh's introduction is misleading. > This is for use within a product, which is not your typical browser with > a typical user. There is no plan to offer any such proxy as a general > purpose extension. If you want to perform some kind of fi

Re: SSL in asynchronous proxy

2007-08-16 Thread Colin Blake
The use of the word "extension" in Umesh's introduction is misleading. This is for use within a product, which is not your typical browser with a typical user. There is no plan to offer any such proxy as a general purpose extension. Colin.

Re: SSL in asynchronous proxy

2007-08-08 Thread Nelson B
Nelson B wrote: > Umesh Bywar wrote: > >> I am trying to write a man-in-the-middle proxy as an extension to >> mozilla. This proxy is basically supposed to intercept HTTP/HTTPS >> requests, parse them and forward them to the appropriate server. > > This is a profoundly bad idea. It has serious

Re: SSL in asynchronous proxy

2007-08-08 Thread Nelson B
Umesh Bywar wrote: > I am trying to write a man-in-the-middle proxy as an extension to > mozilla. This proxy is basically supposed to intercept HTTP/HTTPS > requests, parse them and forward them to the appropriate server. This is a profoundly bad idea. It has serious security vulnerability impl