Penetration Testing
- HTTPS
- input.txt

Penetration Testing

HTTPS

Submitting test requests to a site running HTTPS

Run the following in one terminal

stunnel -D 4 -c -f -d localhost:8080 -r www.testsite.tld:443

Use netcat to submit the test request

nc localhost 8080 < input.txt > result.html

input.txt

GET /test/test.php?param1=test HTTP/1.0
Accept: */*
Referer: http://www.somesite.tld/
Accept-Language: en-gb
Authorization: Basic XXXBASIC_AUTH_KEY_IF_USING_BASIC_AUTHXXX
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Pragma: no-cache
Host: www.somesite.tld
Cache-Control: max-age=259200
Connection: keep-alive

-- Frank Dean - 27 Apr 2007