Collaborate Disseminate
Question
Proxy server that restricted specific IPs to specific domains. I can bypass theses blocked websites by setup my own local proxy server while using the above proxy server as upstream. What happened? Why it worked?
Context:
In my c… Continue reading bypass upstream proxy’s forbidden website by set up local proxy, why it works?
Is this a good approach to preventing the leakage of secrets?
Say I had a simple setup where Alice holds the secret to access Bob, and Charlie has basic shell access to Alice (with a different auth method). Charlie echoing "$BOB_SECRE… Continue reading Intercept calls to authenticated 3rd-party APIs, to automatically add auth keys?
Assuming you have a company network and all internet traffic is going through an http-proxy. The users have either a system proxy or a proxy set in their browser settings (i.e. through group policies). Assume now, for administrative work y… Continue reading Is not setting a System/User proxy for internet connections a security benefit?
The built-in sslstripping feature (http.proxy.sslstrip) in bettercap is not working against HTTPS websites in this issue I will be using cygwin.com and winzip.com as an example, as we can see they are not HSTS preloaded https://hstspreload… Continue reading Bettercap not detecting HTTPS websites (?)
My client says their API traffic must take the path WAF -> Custom Firewall -> Backend API. Also, mTLS must be terminated after the traffic has gone through the network appliance.
I have created an Envoy proxy that can perform mTLS be… Continue reading Using HTTP header to transmit client certificate for mTLS
If a PCI compliant service decides to SSL-Tunnel credit card information via an independent residential/mobile proxy service to a destination payment service, would this protocol still be PCI compliant?
Since the credit card information is… Continue reading PCI-DSS Compliance: SSL Tunneling Credit Card Information Through A HTTPS Mobile/Residential Proxy Service to A Destination Service
Read something like this on reddit "someone can also be a regular user who does not read terms and conditions of apps that they install. Some apps might include code that will enable them to run trafic through their IP while the app i… Continue reading Any (opensource) tool that we can use to detect if our computers has been installed applications that have proxies services
I set https://tinyproxy.github.io/ in a rented VPS in another country. Now I can access some resources granted to the IP range associated with that country.
As I understand ISP + a forward proxy sees everything for plain HTTP protocol.
Tha… Continue reading Are forward proxies secure when SSL/TLS resource is requested?
I have hit a conceptual roadblock here and, to be honest, do not really have a lot of experience with WAFs or firewalls in general. (I did go through this very nice explanation to get upto speed with the basic understanding of firewalls. )… Continue reading Can a WAF transform HTTP response
I’ve been searching quite a bit trying to find out how to configure the conf file and I keep coming up blank.
I’m running Bitwarden which runs in Docker. This makes the ports even more confusing.
I’ve figured out that nginx runs on 8443 in… Continue reading Help with setting up a reverse proxy [migrated]