[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Browser with weak ciphers in testing ?



 Hi.

On Sat, 25 Jul 2015 20:03:59 +0200
Erwan David <erwan@rail.eu.org> wrote:

> To access some appliances/devices whose https console only knows weak
> ciphers (but on a protected network), I need a browser accepting those
> weak ciphers (less I go to each device with a serial cable to enable the
> clear connection).
> 
> What are my options in testing ?

Let's see. You need anything that's linked with libssl, which leaves us
with:

- elinks2
- w3m

If the appliances in question require Javascript, those won't do the
job. What you need or the conventional browsers *and* TLS-capable proxy
(sslstrip or mitmproxy). Or, a MITM tool, such as sslsniff.

For the ad-hoc connections, ncat (from nmap package), or plain old
socat should do the trick.

You could also proxy the connection to such devices with a Web-server
(both apache and nginx can do this), but the setup is somewhat tricky.

Reco


Reply to: