TLS
The Added Value of SNI-Only Mode in Imperva Cloud WAF
Imperva has modified the default behavior for new cloud WAF sites, now enforcing Server Name Indication (SNI)-only traffic by default. This shift is aimed at optimizing the utilization of TLS-related features, both ...
Digital Certificates Riddled With Security Weaknesses
A study published today found 79% of certificates on the internet are vulnerable to man-in-the-middle (MitM) attacks, with as many as 10% expired or self-signed (15%) in a way that is considered ...
TLS Redirection and Dynamic Decryption Bypass in PolarProxy
PolarProxy is constantly being updated with new features, enhanced performance and bug fixes, but these updates are not always communicated other than as a short mention in the ChangeLog. I would therefore ...
An Untrustworthy TLS Certificate in Browsers
The major browsers natively trust a whole bunch of certificate authorities, and some of them are really sketchy: Google’s Chrome, Apple’s Safari, nonprofit Firefox and others allow the company, TrustCor Systems, to ...
CapLoader 1.9.4 Released
A new version of our advanced PCAP filtering tool CapLoader was released today. The new CapLoader 1.9.4 release includes features like JA3 hash extraction from TLS traffic and a fantastic thing called ...
Russia Force-Feeds new, ‘Trusted’ CA—Yeah, RIGHT
Websites in Russia can’t renew their TLS/HTTPS certs. Moscow’s solution is to create a new certificate authority. But the man-in-the-middle threat should be obvious ...
PolarProxy in Windows Sandbox
In this video I demonstrate how PolarProxy can be run in a Windows Sandbox to intercept and decrypt outgoing TLS communication. This setup can be used to inspect otherwise encrypted traffic from ...
PolarProxy 0.9 Released
PolarProxy was previously designed to only run as a transparent TLS proxy. But due to popular demand we've now extended PolarProxy to also include a SOCKS proxy and a HTTP CONNECT proxy ...
Best of 2021 – Chrome to Enforce HTTPS Web Protocol (Like It or Not)
What a difference an ‘s’ makes. This seemingly unimportant change could have a big—if unseen—impact ...
Packet Captures in the Age of TLS
Ten to fifteen years ago, a company having FPC (full packet capture) was an indicator of the seriousness of the company's information security efforts. Having trained analysts that could use those packets ...