 | |
| |||||||
| Home | Register | Projects | Blogs | FAQ | Calendar | Search | Today's Posts | Mark Forums Read | Free Directory | Free DNSReport | Tags |
| Notices |
| Hacking Discuss the art of hacking, your experiences, etc... |
HTTPS over CThis is a discussion on "HTTPS over C" within the Hacking part of the Computer Security: Discussions section; I would like to know if their is some person here experienced with the HTTPS protocol over C without the use of http://curl.haxx.se/libcurl/, I guess I should use OpenSSL, but Im not sure. I will use ... |
 |
| | LinkBack | Thread Tools | Display Modes |
09-07-05
| ||||
| ||||
 HTTPS over C I would like to know if their is some person here experienced with the HTTPS protocol over C without the use of http://curl.haxx.se/libcurl/, I guess I should use OpenSSL, but Im not sure. I will use this lib (libcurl) for a project but would be nice to have some feedbacks/codes samples about this without the use of this external lib to have a better understand of what I'm coding. Thanx you.  |
| Sponsor | ||
| ||
| |
|
10-07-05
| |||
| |||
| well I dont know about this too  but these links might be useful .---------------------- talking to SSL in the iis-ssl DoS exploit : http://www.security.nnov.ru/files/sslbomb.c char cipher_suites[] = /* 52 */ char bin_data[] = /* 1308 */ on making sessions and those shits . --------------------- ASN1.1 parsing remember ? http://cert.uni-stuttgart.de/archive/bu ... 00126.html --------------------- and at last that damn openssl-too-open I remember that time wow many servers got 0wned with this shit . good case study done by phreedom: http://www.phreedom.org/solar/exploits/apache-openssl/ --------------------- this wont hurt too ! : http://security.nnov.ru/exploits/?keyword=ssl |
|
10-07-05
| ||||
| ||||
| ok thx man |
|
12-07-05
| ||||
| ||||
| this one you sent me: http://www.phreedom.org/solar/exploits/apache-openssl/ clear explanations, good paper |
|
12-07-05
| ||||
| ||||
| well I will explain better what Im trying to do because there is prolly much faster to do this with a win api that I dont know yet: Im coding a small c program connection the MSN network via MSNP9, the auth is no more in clear text and I need to request to a ssl server a challenge ticket at "https://nexus.passport.com/rdr/pprdr.asp", to be able then to submit the encrypted password and to be logged on as a normal client, this will help me then to identify client bugs while sending them a msg, because rumours says that big vulnerabilities are identified while sending a crafted msg to some popular clients Have found a .NET sample about all this: HttpWebRequest ServerRequest = (HttpWebRequest)WebRequest.Create("https://nexus.passport.com/rdr/pprdr.asp"); if someone can submit me a small C sample on how to request a https:// via a smiliar way, thanx you. |
|
12-07-05
| ||||
| ||||
| looks like I can do only this with .NET framework libs http://msdn.microsoft.com/library/defau ... temnet.asp correct me or link me to something other if Im wrong. |
|
15-07-05
| ||||
| ||||
| got it, AfxParseURL |
|
18-07-05
| ||||
| ||||
| |
|
19-07-05
| |||
| |||
| useful links :> I will post if I found sth . our telephone line was cut off for a week ! ( not so astonishing in my country ) anyway I am looking for a paper/book/ebook/everything that has introduced talking to different daemons in C , like https which is just mentioned . any useful link ? |
|
20-07-05
| ||||
| ||||
| to do the https connection , Im using finally as msdn mention , the wininet lib, you should initiate those functions in the same order if im not wrong, much infos at msdn: http://msdn.microsoft.com/library/en-us ... etopen.asp http://msdn.microsoft.com/library/en-us ... onnect.asp http://msdn.microsoft.com/library/en-us ... equest.asp http://msdn.microsoft.com/library/en-us ... equest.asp you can initizate several type of connection with , http/https/gopher/ftp/etc... |
| Sponsor | ||
| ||
| |
|
| | |
| https | |
| Thread Tools | |
| Display Modes | |
Linear Mode
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Tiny MSN Fuzzer | class101 | Applications, Tools & Papers | 13 | 02-10-07 01:34 |
| MailEnable HTTPS Buffer Overflow | rscience | Private | 10 | 14-11-05 17:36 |
| MSN password flaw | class101 | General Discussions | 5 | 24-08-05 13:54 |
