---

Home Security

NLUUG E-Zine: On ProxyTunnel

By

[ Thanks to Muppet for this
link. ]

“When I first plunged into the internals of HTTPS proxies, the
idea on how to abuse these for unlimited Internet access
immediately came to me. It dawned on me that, in essence, an HTTPS
web proxy is a sort of tunnel into the Internet for everyone who is
willing to speak the HTTP’s protocol CONNECT command. And since all
the traffic that passed through the tunnel is supposed to be SSL
encrypted (so as to form an unhindered SSL session between the
browser and the HTTPS server), there are little or no access
controls possible on such a tunnel. I filed these ideas under the
section ‘Interesting; must do something with this later’…

“When ‘later’ came, it turned out that the realisation described
above could have very interesting security repercussions…”

Complete
Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.