Well, yeah, you aren't even using the SSL version.
You have to use https instead of http to use the secure site. We don't automatically redirect people to the secure version (for various reasons).
You have to use https instead of http to use the secure site. We don't automatically redirect people to the secure version (for various reasons).
If I am reading this right (by which I mean https://www.charlesproxy.com/documentation/proxying/ssl-proxying/ ) then you have man in the middled yourself and want us to do something about it? If so I do not particularly see the need -- local/user side challenges are a nightmare to implement well and two factor seems a bit overkill (does the facebook login option not allow something like that, or effectively act as such?).
- Joined
- Oct 27, 2002
- Messages
- 23,749
- Trophies
- 4
- Age
- 46
- Location
- Engine room, learning
- XP
- 15,662
- Country
Isn't it a functionality of the proxy to be able to see your data, and not a flow?
you are using charles' certificate so of course the proxy see your data to be able to re-encrypt it to send to the server.
the communication is encrypted and nobody can read the content (unless you trust a man-in-the-middle certificate instead of the owner's one), but not what you type. if you want to encrypt your own password to send you would have to type it crypted yourself, or maybe add a javascript function to encrypt it first before sending the GET or POST request and the server would have to decrypt it first before checking it with the database.
But even encrypted, it would not be enough unless you are using SSL/TLS for that and generate a trusted key for the current connexion. because if you just encrypt it with a salt, someone "in the middle" can use the same encrypted string and the server would decrypt it.
the full stream is already encrypted, it's up to you to verify who provide the certificate to be sure nobody is reading your content.
you are using charles' certificate so of course the proxy see your data to be able to re-encrypt it to send to the server.
the communication is encrypted and nobody can read the content (unless you trust a man-in-the-middle certificate instead of the owner's one), but not what you type. if you want to encrypt your own password to send you would have to type it crypted yourself, or maybe add a javascript function to encrypt it first before sending the GET or POST request and the server would have to decrypt it first before checking it with the database.
But even encrypted, it would not be enough unless you are using SSL/TLS for that and generate a trusted key for the current connexion. because if you just encrypt it with a salt, someone "in the middle" can use the same encrypted string and the server would decrypt it.
the full stream is already encrypted, it's up to you to verify who provide the certificate to be sure nobody is reading your content.
D
Deleted User
Guest
OP
@FAST6191
@Cyan
Thanks for the info guys. I was just worried because I know some people sometimes do use Charles Proxy to experiment with HTTPS link sniffing. However, I guess I really should uninstall the Charles certificate if I don't want my password to be sniffed. Then again, I have a tendancy to accidentally visit the HTTP version of the temp.
Does anyone know how I can make a bookmarks bar in Firefox?
@Cyan
Thanks for the info guys. I was just worried because I know some people sometimes do use Charles Proxy to experiment with HTTPS link sniffing. However, I guess I really should uninstall the Charles certificate if I don't want my password to be sniffed. Then again, I have a tendancy to accidentally visit the HTTP version of the temp.
Does anyone know how I can make a bookmarks bar in Firefox?
- Joined
- Oct 27, 2002
- Messages
- 23,749
- Trophies
- 4
- Age
- 46
- Location
- Engine room, learning
- XP
- 15,662
- Country
I guess it's called "personal bar".
right click on a top menu and you should see the possible options to display.
when you manage the bookmarks, there's a folder named personal bar too.
right click on a top menu and you should see the possible options to display.
when you manage the bookmarks, there's a folder named personal bar too.
D
Deleted User
Guest
OP
Similar threads
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@
SylverReZ:
You can make a post on the DS forum about your findings, and they'll do their best to respond. They have a GBAtemp account here, you know. -
@
Materia_tofu:
oh ye i made a post i did forget they had an account i prob shouldve tagged them in the post+1
tbh -
-
-
-
