Ted Roche <[EMAIL PROTECTED]> writes: > I always thought that you needed to be using an https:// page before > sending user names and passwords to log in. My credit union claims > this isn't true, and that since clicking the signon button takes you > to an SSL page, the information typed in is transmitted securely. I > have my doubts. Here's a portion of their claim, from the front page > of http://www.navyfcu.org. I'd welcome opinions.
As others have noted, the page you type your information into is not necessarilly where you end up sending the information by clicking submit. Also as noted by others, you can discover this by looking at the source for the web page you're viewing. However, it's rather easy to miss this information, and if you're ever in doubt, the best way to determine what's getting passed to a remote system is to watch what passes over the wire. To do this, fire up tcpdump or, if GUIs are your thing, use 'ethereal'[1]. Using tcpdump you can quickly see traffic going to an SSL-secured website with something like this: tcpdump -i en1 port https This won't tell you more than that you've connected to a secure site and are passing some traffic. tcpdump -i en1 -qe -vvv -ls 400 port https This will show you a lot more... and this: tcpdump -i en1 -qexX -vvv -ls 400 port https might even show you something interesting :) The latter, if you remove the last s, and just scan for http, then you'll be able to see all the HTTP gets your browser is requesting from the remote server. For example, in the following packet, you can clearly see a GET for an image, and the client informing the server what browser I'm using, among other things: 21:52:52.564502 00:03:93:ee:39:3c > 00:09:5b:6b:74:8e, IPv4, length 633: IP (tos 0x0, ttl 64, id 28269, offset 0, flags [DF], length: 619) 192.168.10.6.50153 > mobile9.com.http: tcp 579 0x0000: 0009 5b6b 748e 0003 93ee 393c 0800 4500 ..[kt.....9<..E. 0x0010: 026b 6e6d 4000 4006 70aa c0a8 0a06 4313 [EMAIL PROTECTED]@.p.....C. 0x0020: 4bb4 c3e9 0050 0f4e bb70 ea99 a8b9 5018 K....P.N.p....P. 0x0030: ffff 688e 0000 4745 5420 2f69 6d61 6765 ..h...GET./image 0x0040: 732f 666f 6f74 6572 626f 7474 6f6d 5f30 s/footerbottom_0 0x0050: 332e 6769 6620 4854 5450 2f31 2e31 0d0a 3.gif.HTTP/1.1.. 0x0060: 486f 7374 3a20 7777 772e 7765 6268 6f73 Host:.www.webhos 0x0070: 7469 6e67 6465 762e 636f 6d0d 0a55 7365 tingdev.com..Use 0x0080: 722d 4167 656e 743a 204d 6f7a 696c 6c61 r-Agent:.Mozilla 0x0090: 2f35 2e30 2028 4d61 6369 6e74 6f73 683b /5.0.(Macintosh; 0x00a0: 2055 3b20 5050 4320 4d61 6320 4f53 2058 .U;.PPC.Mac.OS.X 0x00b0: 204d 6163 682d 4f3b 2065 6e2d 5553 3b20 .Mach-O;.en-US;. 0x00c0: 7276 3a31 2e37 2e35 2920 4765 636b 6f2f rv:1.7.5).Gecko/ 0x00d0: 3230 3034 3131 3037 2046 6972 6566 6f78 20041107.Firefox 0x00e0: 2f31 2e30 0d0a 4163 6365 7074 3a20 696d /1.0..Accept:.im 0x00f0: 6167 652f 706e 672c 2a2f 2a3b 713d 302e age/png,*/*;q=0. 0x0100: 350d 0a41 6363 6570 742d 4c61 6e67 7561 5..Accept-Langua 0x0110: 6765 3a20 656e 2d75 732c 656e 3b71 3d30 ge:.en-us,en;q=0 0x0120: 2e35 0d0a 4163 6365 7074 2d45 6e63 6f64 .5..Accept-Encod 0x0130: 696e 673a 2067 7a69 702c 6465 666c 6174 ing:.gzip,deflat 0x0140: 650d 0a41 6363 6570 742d 4368 6172 7365 e..Accept-Charse 0x0150: 743a 2049 534f 2d38 3835 392d 312c 7574 t:.ISO-8859-1,ut 0x0160: 662d 383b 713d 302e 372c 2a3b 713d 302e f-8;q=0.7,*;q=0. 0x0170: 370d 0a4b 6565 702d 416c 6976 653a 2033 7..Keep-Alive:.3 0x0180: 3030 0d0a 436f 6e6e 6563 7469 6f6e 3a20 00..Connection:. Obviously, if you're connecting to an SSL-enabled system, then everything you see will be garbage. Footnote: --------- [1] It's pronounced e-thereal, NOT ether-real. Ethereal is *actually* a REAL word, not something made up for a piece of software which just happens to work with ether-net. -- Seeya, Paul _______________________________________________ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss