this cross-protocol HTTPS/FTP attack is really interesting http://bugs.proftpd.org/show_bug.cgi?id=4143#c0 … we may face a can of x-prot worms here
@hanno iirc I didn't test the full attack w/o data con, only tested all the parts. full attack might be stopped by IE's XSS filter. sorry :/
-
-
@hanno basically, check whether sending a full HTTP POST request in one chunk using "openssl s_client" with -starttls doesn't kill the con -
@hanno then check whether you can get the service to echo back HTML strings and whether they are close enough to the response start for IE
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.