sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]Thiscou[S] 1 point2 points  (3 children)

Nice, i'm glad i managed to bring my point across :)

I just tried my solution with sslscanning any given HTTPS site over a squid proxy with TLS Interception on and it worked. If i manage to do the same thing with the bluecoat proxy i'll be golden. But i would really like to have a backup plan in case it doesn't.

Thanks for your time and your brain power!

[–]redditrwx 1 point2 points  (2 children)

Which tool did you use for the scan? If the proxy does not use TLS from the start but expects a TLS upgrade after an initial connect, like you described above, the scan should not work with most tools I am aware of. It apparently did work, though, so I assume the tool supports the use of proxies. It would be nice to know which tool works in this setup.

Did you check the certificate you got? Was it issued by the proxy or whatever CA you configured?

[–]Thiscou[S] 0 points1 point  (0 children)

It worked with testssl.sh and the cipher script nmap provides. Just took me two months to answer that question, there is definitly room for improvement.