Hardcoded Certs


Jake

Apr 6, 2011, 11:32:21 AM
to mallor...@googlegroups.com
As mentioned in the Mallory tutorial, Mallory works well if the application uses the cert store. However, I'm seeing more applications use hardcoded certs. Is there any way that Mallory's cert can be used in this case and traffic intercepted?

Jeremy Allen

Apr 7, 2011, 10:34:18 AM
to Mallory Proxy
You have to modify the cert if they don't accept the OS or local trust
stores. No real way around that problem :)

We have been doing some work on "look-alike" certs. You can always use
Mallory's CA (using the openssl command) to create a cert, sign it and
then possibly just replace the public key and modulus on the hard
coded cert. It is a tricky business, but it can usually be
accomplished without a lot of pain :)
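Added example, not part of the original thread and not Mallory code: what a client with a hardcoded cert can compare, and why a "look-alike" cert (same names, different key) passes a name-only comparison but fails a public-key pin. The function names, the `api.example.test` / `Example Vendor CA` names and the placeholder key bytes are assumptions constructed for illustration; the sample certs are structurally valid DER but are not really signed.

```python
import hashlib

def read_tlv(buf, pos):  # -> (tag, value_start, value_end) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length: next n bytes hold it
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def subject_and_spki(der):
    """Return the raw subject Name and SubjectPublicKeyInfo TLVs of a cert."""
    _, start, _ = read_tlv(der, 0)         # Certificate SEQUENCE
    _, pos, end = read_tlv(der, start)     # TBSCertificate SEQUENCE
    fields = []
    while pos < end:
        _, _, nxt = read_tlv(der, pos)
        fields.append(der[pos:nxt])        # keep each field as raw TLV bytes
        pos = nxt
    fields = fields[1:] if fields and fields[0][0] == 0xA0 else fields  # [0] version
    if len(fields) < 6:
        raise ValueError("not an X.509 TBSCertificate")
    return fields[4], fields[5]            # serial, sigAlg, issuer, validity, subject, SPKI

def spki_pin(der):
    """SHA-256 over SubjectPublicKeyInfo: the value a public-key pin compares."""
    return hashlib.sha256(subject_and_spki(der)[1]).hexdigest()

def name_only_check(der, hardcoded_der):   # weak: compares subject Name only
    return subject_and_spki(der)[0] == subject_and_spki(hardcoded_der)[0]
def pin_check(der, hardcoded_der):         # strong: compares the key itself
    return spki_pin(der) == spki_pin(hardcoded_der)

# --- constructed sample data: valid DER layout, placeholder key and signature ---
def tlv(tag, body):
    n = len(body)
    size = bytes([n]) if n < 0x80 else bytes([0x81 + (n > 0xFF)]) + n.to_bytes(1 + (n > 0xFF), "big")
    return bytes([tag]) + size + body

def sample_cert(issuer_cn, subject_cn, key):
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))
    alg = lambda oid: tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))
    rsa = b"\x2a\x86\x48\x86\xf7\x0d\x01\x01"        # PKCS#1 OID prefix
    validity = tlv(0x30, tlv(0x17, b"110406000000Z") * 2)
    spki = tlv(0x30, alg(rsa + b"\x01") + tlv(0x03, b"\x00" + key))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg(rsa + b"\x0b")
              + name(issuer_cn) + validity + name(subject_cn) + spki)
    return tlv(0x30, tbs + alg(rsa + b"\x0b") + tlv(0x03, b"\x00" * 33))
HARDCODED = sample_cert(b"Example Vendor CA", b"api.example.test", b"\xaa" * 64)
LOOKALIKE = sample_cert(b"Example Vendor CA", b"api.example.test", b"\xbb" * 64)
```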