443) HTTPS
00. Basics
Headers
Content-Security-Policy ## Restricts resources loaded by the browser to prevent XSS attacks.
Strict-Transport-Security ## Enforces HTTPS-only access, blocking HTTP connections.
X-Content-Type-Options ## Prevents MIME-type sniffing, reducing drive-by download risks.
X-Frame-Options ## Blocks clickjacking by controlling frame embedding.
X-XSS-Protection ## Enables browser’s XSS filter to block some XSS attacks.
Referrer-Policy ## Controls referrer information in requests.
Permissions-Policy ## Limits access to features like geolocation and camera.
Cross-Origin-Resource-Policy ## Controls resource access from other origins.
Cross-Origin-Embedder-Policy ## Restricts cross-origin resource embedding.
Cross-Origin-Opener-Policy ## Isolates browsing context to prevent cross-origin access.
Cache-Control ## Prevents caching of sensitive data.
Access-Control-Allow-Origin ## Specifies allowed origins for resource access (CORS).
Access-Control-Allow-Methods ## Defines allowed methods for cross-origin requests (CORS).
Access-Control-Allow-Headers ## Specifies allowed headers in cross-origin requests (CORS).
Expect-CT ## Enforces Certificate Transparency to prevent fake certificates.
Feature-Policy ## Restricts browser features (now called Permissions-Policy).
Public-Key-Pins ## Specifies trusted public keys (deprecated).
X-Permitted-Cross-Domain-Policies ## Controls cross-domain interactions for Flash and PDF files.
## Set-Cookie
Secure ## Sends the cookie only over HTTPS, preventing interception on unencrypted connections.
HttpOnly ## Blocks access to the cookie from JavaScript, protecting it from XSS attacks.
SameSite ## Controls cross-site request behavior to prevent CSRF attacks. Options are:
> Strict ## Sends the cookie only in same-site requests (not in cross-site requests).
> Lax ## Sends the cookie in top-level, same-site requests; partial protection for CSRF.
> None ## Sends the cookie in all requests; requires Secure if used.
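Added example (not part of the original notes): an offline audit of a response's headers against the checklist above, flagging missing headers, deprecated ones, weak CSP/HSTS values and Set-Cookie attributes that the Secure/HttpOnly/SameSite rules require. The SAMPLE response is constructed, not captured from any host.

```python
# Headers the checklist above expects on an HTTPS response, plus the ones it marks deprecated.
REQUIRED = ("Content-Security-Policy", "Strict-Transport-Security",
            "X-Content-Type-Options", "X-Frame-Options",
            "Referrer-Policy", "Permissions-Policy")
DEPRECATED = ("X-XSS-Protection", "Feature-Policy", "Public-Key-Pins", "Expect-CT")

def audit_cookie(value: str) -> list[str]:
    """Flag a Set-Cookie value lacking Secure/HttpOnly/SameSite, or SameSite=None without Secure."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0]
    attrs = {k.lower(): v for k, _, v in (p.partition("=") for p in parts[1:])}  # case-insensitive
    findings = []
    if "secure" not in attrs:
        findings.append(f"cookie {name}: missing Secure")
    if "httponly" not in attrs:
        findings.append(f"cookie {name}: missing HttpOnly")
    samesite = attrs.get("samesite", "").lower()
    if not samesite:
        findings.append(f"cookie {name}: missing SameSite")
    elif samesite == "none" and "secure" not in attrs:
        findings.append(f"cookie {name}: SameSite=None requires Secure")
    return findings

def audit_headers(headers: list[tuple[str, str]]) -> list[str]:
    """Audit (name, value) response headers; every repeated Set-Cookie line is checked."""
    present = {n.lower(): v for n, v in headers}
    findings = [f"missing {h}" for h in REQUIRED if h.lower() not in present]
    findings += [f"deprecated {h} present" for h in DEPRECATED if h.lower() in present]
    csp = present.get("content-security-policy", "")
    if "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
        findings.append("CSP allows unsafe-inline/unsafe-eval")
    hsts = present.get("strict-transport-security", "")
    if hsts and "includesubdomains" not in hsts.lower():
        findings.append("HSTS lacks includeSubDomains")
    for n, v in headers:
        if n.lower() == "set-cookie":
            findings += audit_cookie(v)
    return findings

SAMPLE = [  # constructed response headers, not captured from a real host
    ("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'"),
    ("Strict-Transport-Security", "max-age=31536000"),
    ("X-Content-Type-Options", "nosniff"),
    ("X-XSS-Protection", "1; mode=block"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "track=1; SameSite=None"),
]
```

Feed it the header list from a saved response (e.g. `curl -sI`) to get the findings; for SAMPLE it reports eleven, including the SameSite=None cookie sent without Secure.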
01. Heartbleed
sslyze --heartbleed 10.10.10.79
02. Sniff Traffic
sudo mitmdump -p 443 --mode reverse:https://<SERVER-IP> --ssl-insecure --flow-detail=3
03. SSL ERRORS
SSL_ERROR_UNKNOWN_CA_ALERT / SSL_ERROR_HANDSHAKE_FAILURE_ALERT
## Need to create a CA certificate (steps below).
## ------------------| Grab certificate
openssl s_client -connect IP:443
## ------------------| Verify/Check certificate
## Extension can also be .pem or .csr
openssl x509 -in PublicKey.cert -text
## ------------------| Create CA certificate
### Generate our key
openssl genrsa -out certificate.key 2048
### Generate certificate signing request
### When prompted, fill in the Organization (Internet Widgits) and FQDN fields: [email protected]
openssl req -new -key certificate.key -out certificate.csr
### Certificate signing
openssl x509 -req -in certificate.csr -CA PublicKey.cert -CAkey PrivateKey.pem -CAcreateserial -out certificate.pem -days 1024 -sha256
### Package pkcs12 format for browsers
openssl pkcs12 -export -out certificate.pfx -inkey certificate.key -in certificate.pem -certfile PublicKey.cert
04. Extract .crt & .key files from .pfx
openssl pkcs12 -in [yourfile.pfx] -nodes -nocerts -out [drlive.key]
openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [drlive.crt]
openssl rsa -in [drlive.key] -out [drlive-decrypted.key]
openssl rsa -in [keyfile-encrypted.key] -outform PEM -out [keyfile-encrypted-pem.key]