Hmmm - I will have to check out WebScarab.
--- In flexcoders@yahoogroups.com, Tom Chiverton <[EMAIL PROTECTED]> wrote: > > On Monday 28 Apr 2008, valdhor wrote: > > We use SSL Encryption of the username and password as well as the data > > going over the wire. > > Uh huh. > > > Are you saying that it is trivial for someone to find out the source > > and destination of the encrypted SSL stream, grab this data off the > > wire and decrypt it? > > I'm saying I can, and have, used WebScarab (for instance) as an SSL proxy, and > been able to see the plain text of both request and response. > It's a free Java tool, and I've personally had it work on both WinXP and SuSE > Linux. > > -- > Tom Chiverton > Helping to dynamically reinvent frictionless e-commerce > on: http://thefalken.livejournal.com > > **************************************************** > > This email is sent for and on behalf of Halliwells LLP. > > Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by The Solicitors Regulation Authority. > > CONFIDENTIALITY > > This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 2500. > > For more information about Halliwells LLP visit www.halliwells.com. >
