# HTTPS | 443

## 00. Basics

* Headers

```bash
Content-Security-Policy	        ## Restricts resources loaded by the browser to prevent XSS attacks.
Strict-Transport-Security	## Enforces HTTPS-only access, blocking HTTP connections.
X-Content-Type-Options	        ## Prevents MIME-type sniffing, reducing drive-by download risks.
X-Frame-Options	                ## Blocks clickjacking by controlling frame embedding.
X-XSS-Protection	        ## Enables browser’s XSS filter to block some XSS attacks.
Referrer-Policy	                ## Controls referrer information in requests.
Permissions-Policy	        ## Limits access to features like geolocation and camera.
Cross-Origin-Resource-Policy	## Controls resource access from other origins.
Cross-Origin-Embedder-Policy	## Restricts cross-origin resource embedding.
Cross-Origin-Opener-Policy	## Isolates browsing context to prevent cross-origin access.
Cache-Control	                ## Prevents caching of sensitive data.
Access-Control-Allow-Origin	## Specifies allowed origins for resource access (CORS).
Access-Control-Allow-Methods	## Defines allowed methods for cross-origin requests (CORS).
Access-Control-Allow-Headers	## Specifies allowed headers in cross-origin requests (CORS).
Expect-CT	                ## Enforces Certificate Transparency to prevent fake certificates.
Feature-Policy	                ## Restricts browser features (now called Permissions-Policy).
Public-Key-Pins	                ## Specifies trusted public keys (deprecated).
X-Permitted-Cross-Domain-Policies	## Controls cross-domain interactions for Flash and PDF files.

## Set-Cookie
Secure	     ## Sends the cookie only over HTTPS, preventing interception on unencrypted connections.
HttpOnly     ## Blocks access to the cookie from JavaScript, protecting it from XSS attacks.
SameSite     ## Controls cross-site request behavior to prevent CSRF attacks. Options are:
    > Strict ## Sends the cookie only in same-site requests (not in cross-site requests).
    > Lax    ## Sends the cookie in top-level, same-site requests; partial protection for CSRF.
    > None   ## Sends the cookie in all requests; requires Secure if used.
```
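The following is an added example, not code from the original page: it audits a raw HTTP response for the headers and `Set-Cookie` flags listed above. The `EXPECTED` baseline, the wildcard-CORS check and the sample response are assumptions constructed for illustration.

```python
# Added example (not from the original page): audit response headers and cookie flags.
# EXPECTED is an assumed baseline policy; adjust it to your own requirements.
EXPECTED = ["Content-Security-Policy", "Strict-Transport-Security",
            "X-Content-Type-Options", "X-Frame-Options", "Referrer-Policy"]

# Constructed sample response, embedded so the example runs offline.
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html
strict-transport-security: max-age=31536000
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Set-Cookie: session=abc123; Path=/; HttpOnly
Set-Cookie: track=1; HttpOnly; SameSite=None
"""

def parse_headers(raw):
    """Return (lowercased-name, value) pairs; header names are case-insensitive."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(raw):
    pairs = parse_headers(raw)
    present = {name for name, _ in pairs}
    findings = [f"missing header: {h}" for h in EXPECTED if h.lower() not in present]
    for name, value in pairs:
        if name == "access-control-allow-origin" and value == "*":
            findings.append("CORS: any origin allowed (*)")
        if name != "set-cookie":
            continue
        cookie, *parts = value.split(";")
        cookie = cookie.split("=", 1)[0].strip()
        attrs = dict(p.strip().lower().partition("=")[::2] for p in parts)
        for flag in ("secure", "httponly", "samesite"):
            if flag not in attrs:
                findings.append(f"cookie {cookie}: {flag} not set")
        if attrs.get("samesite") == "none" and "secure" not in attrs:
            findings.append(f"cookie {cookie}: SameSite=None without Secure")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To audit a live response, feed `audit()` the header block saved from a client such as `curl -sI`.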

## 01. Heartbleed

```bash
sslyze --heartbleed 10.10.10.79
```

## 02. Sniff Traffic

```bash
sudo mitmdump -p 443 --mode reverse:https://<SERVER-IP> --ssl-insecure --flow-detail=3
```

## 03. SSL ERRORS

`SSL_ERROR_UNKNOWN_CA_ALERT` / `SSL_ERROR_HANDSHAKE_FAILURE_ALERT`

Need to create a certificate signed by the CA (this requires the CA certificate and its private key).

```bash
## ------------------| Grab certificate
openssl s_client -connect IP:443

## ------------------| Verify/Check certificate
## The file extension can also be pem or csr
openssl x509 -in PublicKey.cert -text

## ------------------| Create CA certificate
### Generate our key
openssl genrsa -out certificate.key 2048
### Generate certificate signing request
### Place something for Internet Widgits and FQDN:h4rithd@fourtune.htb
openssl req -new -key certificate.key -out certificate.csr
### Certificate signing
openssl x509 -req -in certificate.csr -CA PublicKey.cert -CAkey PrivateKey.pem -CAcreateserial -out certificate.pem -days 1024 -sha256
### Package pkcs12 format for browsers
openssl pkcs12 -export -out certificate.pfx -inkey certificate.key -in certificate.pem -certfile PublicKey.cert
```

## 04. Extract .crt & .key files from .pfx

```bash
openssl pkcs12 -in [yourfile.pfx] -nodes -nocerts -out [drlive.key]
openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [drlive.crt]
openssl rsa -in [drlive.key] -out [drlive-decrypted.key]

openssl rsa -in [keyfile-encrypted.key] -outform PEM -out [keyfile-encrypted-pem.key]
```


