[Full-Disclosure] SSL Filtering
BlueBoar at thievco.com
Fri Oct 17 19:57:21 BST 2003
> Is there a way to detect if this MITM is being performed?
The one method I'm familiar with for how to accomplish this with SSL
involves installing keys for a company CA in the users' browsers. (The
SSL MITM box resigns the keys, and as long as the key is trusted by the
user, no dire error messages occur.) If you were paying attention, you
could check that the signing CA had changed.
Full-Disclosure is hosted and sponsored by Secunia.