
 How MITMproxy has been slaying SSL Dragons

OWASP

April 14 2012

Jim Cheetham
University of Otago Information Security Office
jim.cheetham@otago.ac.nz

Copyright © The University of Otago. Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike 3.0 New Zealand (CC BY-SA 3.0) licence.

The OWASP Foundation

Introduction

What is MITMproxy?
Why is it useful?
Dragon-slaying successes
How does it work?
How do we use it? (Demos)

What is MITMproxy?

"An SSL-capable man-in-the-middle proxy"
Generic pentest/debug tool
Interactive, console based - intercept &| modify
Passive - like tcpdump/tshark
Replay previous data
Preserve cookies & authentication
Extensible - invoke Python modules

Or system commands

Programmable via libmproxy


Not just good looks


Project maturity

Initial: v0.2 - March 2010
Current: v0.8 - 9 April 2012
License: GPL v3 (+OpenSSL)
Author: Aldo Cortesi

Network security, penetration testing, security architecture, source audits, risk assessment, software development
