Charles Proxy shows my login password in plain text.

  • Thread starter Deleted User
Deleted User

Guest
OP
It's a sign that the SSL really isn't secure. :/

Not-secure.PNG


unsafe.PNG

It's quite worrying because it may lead to some "malicious intent". Any advice, or ways to fix?
 
Deleted User

Guest
OP
@tj_cool

Unfortunately, I can still see it in the https site with SSL proxying, if that can draw any attention.

still_unsecure.png
 

FAST6191

If I am reading this right (by which I mean https://www.charlesproxy.com/documentation/proxying/ssl-proxying/ ) then you have man in the middled yourself and want us to do something about it? If so I do not particularly see the need -- local/user side challenges are a nightmare to implement well and two factor seems a bit overkill (does the facebook login option not allow something like that, or effectively act as such?).

Cyan

Isn't it a functionality of the proxy to be able to see your data, and not a flaw?
You are using Charles' certificate, so of course the proxy sees your data, to be able to re-encrypt it to send to the server.

The communication is encrypted and nobody can read the content (unless you trust a man-in-the-middle certificate instead of the owner's one), but not what you type. If you want to encrypt your own password to send, you would have to type it encrypted yourself, or maybe add a JavaScript function to encrypt it first before sending the GET or POST request, and the server would have to decrypt it first before checking it with the database.
But even encrypted, it would not be enough unless you are using SSL/TLS for that and generate a trusted key for the current connection, because if you just encrypt it with a salt, someone "in the middle" can use the same encrypted string and the server would decrypt it.

The full stream is already encrypted; it's up to you to verify who provides the certificate to be sure nobody is reading your content.
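The replay point in the post above, as an added example that is not part of the original thread or of the site's code: a statically salted value sent in place of the password is accepted again when resent, while a response bound to a single-use server nonce is not. All function names, the salt and the account are constructed for illustration.

```javascript
const nodeCrypto = require('crypto');
const SITE_SALT = 'constructed-static-salt';   // constructed sample value
const STORED = new Map();                      // user -> salted hash kept by the server
const ISSUED = new Set();                      // nonces handed out and not yet used

function saltedHash(password) {
  return nodeCrypto.createHash('sha256').update(SITE_SALT + password).digest('hex');
}
function hmac(key, msg) {
  return nodeCrypto.createHmac('sha256', key).update(msg).digest('hex');
}
function safeEqual(a, b) {                     // constant-time compare of hex strings
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && nodeCrypto.timingSafeEqual(x, y);
}

// Scheme A: the page script sends saltedHash(password) instead of the password.
function loginStatic(user, blob) {
  return safeEqual(blob, STORED.get(user) || '');
}

// Scheme B: the server issues a single-use nonce and the client answers
// with HMAC(saltedHash(password), nonce), so every login sends a different value.
function newChallenge() {
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  ISSUED.add(nonce);
  return nonce;
}
function clientResponse(password, nonce) {
  return hmac(saltedHash(password), nonce);
}
function loginChallenge(user, nonce, response) {
  if (!ISSUED.delete(nonce)) return false;     // unknown or already used nonce
  const key = STORED.get(user);
  return key !== undefined && safeEqual(response, hmac(key, nonce));
}

function demo() {
  STORED.set('alice', saltedHash('correct horse'));      // constructed account
  const seenA = saltedHash('correct horse');              // value visible in the proxy under A
  const n1 = newChallenge();
  const seenB = clientResponse('correct horse', n1);      // value visible in the proxy under B
  return {
    replayA: loginStatic('alice', seenA),                 // resent blob is accepted
    firstB: loginChallenge('alice', n1, seenB),           // legitimate login
    replaySameNonce: loginChallenge('alice', n1, seenB),  // nonce already consumed
    replayNewNonce: loginChallenge('alice', newChallenge(), seenB), // bound to old nonce
  };
}
```

Scheme B only stops a captured value from being reused: the stored hash is still password-equivalent on the server, and a proxy whose certificate the browser trusts can alter the page script itself, so certificate verification under TLS remains the actual control.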

Deleted User

Guest
OP
@FAST6191
@Cyan

Thanks for the info guys. I was just worried because I know some people sometimes do use Charles Proxy to experiment with HTTPS link sniffing. However, I guess I really should uninstall the Charles certificate if I don't want my password to be sniffed. Then again, I have a tendency to accidentally visit the HTTP version of the temp. :P

Does anyone know how I can make a bookmarks bar in Firefox?
 

Cyan

I guess it's called "personal bar".
Right click on a top menu and you should see the possible options to display.

When you manage the bookmarks, there's a folder named personal bar too.

Deleted User

Guest
OP
Ah, I found it now! Thanks.
 
