NLUUG E-Zine: On ProxyTunnel

[ Thanks to Muppet for this link. ]

“When I first plunged into the internals of HTTPS proxies, the
idea on how to abuse these for unlimited Internet access
immediately came to me. It dawned on me that, in essence, an HTTPS
web proxy is a sort of tunnel into the Internet for everyone who is
willing to speak the HTTP protocol’s CONNECT command. And since all
the traffic that passed through the tunnel is supposed to be SSL
encrypted (so as to form an unhindered SSL session between the
browser and the HTTPS server), there are little or no access
controls possible on such a tunnel. I filed these ideas under the
section ‘Interesting; must do something with this later’…

“When ‘later’ came, it turned out that the realisation described
above could have very interesting security repercussions…”
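
The excerpt's point, seen from the proxy's side, as an added example that is not code from the article or from ProxyTunnel: the only thing a forward proxy can evaluate is the `host:port` in the CONNECT request line, so this sketch parses that line and applies a destination policy. The policy values (`ALLOWED_PORTS`, the internal-address rule) and the sample request lines are assumptions constructed for illustration.

```python
# Added example: what a forward proxy can decide from a CONNECT request.
# Policy values below are assumptions, not taken from the article.
import ipaddress

ALLOWED_PORTS = {443}  # assumed policy: tunnels only to the HTTPS port


def parse_connect(request_line):
    """Return (host, port) from 'CONNECT host:port HTTP/1.x', or None."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not port.isdecimal():
        return None
    port = int(port)
    if not 0 < port < 65536:
        return None
    return host.strip("[]").lower(), port  # strip brackets of IPv6 literals


def decide(request_line):
    """Allow or deny using only what the proxy sees before bytes flow."""
    target = parse_connect(request_line)
    if target is None:
        return "deny: malformed CONNECT"
    host, port = target
    if port not in ALLOWED_PORTS:
        return f"deny: port {port} not allowed"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "allow"  # a hostname on an allowed port
    if addr.is_private or addr.is_loopback or addr.is_link_local:
        return "deny: internal address"
    return "allow"


# Constructed sample request lines (documentation names and addresses).
SAMPLES = [
    "CONNECT www.example.com:443 HTTP/1.1",
    "CONNECT shell.example.net:22 HTTP/1.1",
    "CONNECT 127.0.0.1:443 HTTP/1.1",
    "CONNECT [::1]:443 HTTP/1.1",
    "GET http://www.example.com/ HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r:45} -> {decide(line)}")
```

Once a request is allowed, the proxy relays bytes it is expected not to inspect, so this destination check is the whole of the decision; logging every CONNECT target and reviewing the denials gives the operator visibility the tunnel itself does not.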

