
HTTPS | 443

00. Basics

  • Headers

Content-Security-Policy            ## Restricts resources loaded by the browser to prevent XSS attacks.
Strict-Transport-Security          ## Enforces HTTPS-only access, blocking HTTP connections.
X-Content-Type-Options             ## Prevents MIME-type sniffing, reducing drive-by download risks.
X-Frame-Options                    ## Blocks clickjacking by controlling frame embedding.
X-XSS-Protection                   ## Enables the browser's XSS filter to block some XSS attacks (deprecated in modern browsers).
Referrer-Policy                    ## Controls referrer information in requests.
Permissions-Policy                 ## Limits access to features like geolocation and camera.
Cross-Origin-Resource-Policy       ## Controls resource access from other origins.
Cross-Origin-Embedder-Policy       ## Restricts cross-origin resource embedding.
Cross-Origin-Opener-Policy         ## Isolates the browsing context to prevent cross-origin access.
Cache-Control                      ## Prevents caching of sensitive data.
Access-Control-Allow-Origin        ## Specifies allowed origins for resource access (CORS).
Access-Control-Allow-Methods       ## Defines allowed methods for cross-origin requests (CORS).
Access-Control-Allow-Headers       ## Specifies allowed headers in cross-origin requests (CORS).
Expect-CT                          ## Enforces Certificate Transparency to prevent fake certificates.
Feature-Policy                     ## Restricts browser features (now called Permissions-Policy).
Public-Key-Pins                    ## Specifies trusted public keys (deprecated).
X-Permitted-Cross-Domain-Policies  ## Controls cross-domain interactions for Flash and PDF files.

## Set-Cookie
Secure       ## Sends the cookie only over HTTPS, preventing interception on unencrypted connections.
HttpOnly     ## Blocks access to the cookie from JavaScript, protecting it from XSS attacks.
SameSite     ## Controls cross-site request behavior to prevent CSRF attacks. Options are:
    > Strict ## Sends the cookie only in same-site requests (never in cross-site requests).
    > Lax    ## Sends the cookie in same-site requests and top-level navigations (e.g. following a link); partial protection for CSRF.
    > None   ## Sends the cookie in all requests; requires Secure if used.
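A quick way to audit a captured response against the two checklists above. This is an added example, not part of the original cheat sheet; the response block is constructed for the demonstration, and the `EXPECTED` list is a subset of the headers above that can be extended.

```shell
#!/bin/sh
# Added example (not from the original cheat sheet): report which of the
# expected security headers are absent from an HTTP response and which
# Set-Cookie lines lack Secure / HttpOnly / SameSite.
# Real usage:  curl -sI https://host | missing_headers
#              curl -sI https://host | weak_cookies

# Constructed sample response; not captured from any real server.
SAMPLE_HEADERS='HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: DENY
Set-Cookie: session=abc123; Path=/
Set-Cookie: pref=dark; Path=/; Secure; HttpOnly; SameSite=Lax
'

# Headers this checklist expects on an HTTPS response (subset of the table above).
EXPECTED="Content-Security-Policy Strict-Transport-Security X-Content-Type-Options X-Frame-Options Referrer-Policy Permissions-Policy Cache-Control"

# Print, one per line, the expected headers absent from the header block on stdin.
missing_headers() {
    block=$(tr -d '\r')
    for h in $EXPECTED; do
        printf '%s\n' "$block" | grep -qi "^$h:" || echo "$h"
    done
}

# Print each Set-Cookie line that lacks Secure, HttpOnly or SameSite,
# followed by the flags it is missing.
weak_cookies() {
    tr -d '\r' | grep -i '^set-cookie:' | while IFS= read -r line; do
        flags=""
        echo "$line" | grep -Eqi '; *secure *(;|$)'   || flags="$flags Secure"
        echo "$line" | grep -Eqi '; *httponly *(;|$)' || flags="$flags HttpOnly"
        echo "$line" | grep -Eqi '; *samesite='        || flags="$flags SameSite"
        if [ -n "$flags" ]; then
            echo "$line -> missing:$flags"
        fi
    done
}

# Demonstration on the constructed sample.
printf '%s' "$SAMPLE_HEADERS" | missing_headers
printf '%s' "$SAMPLE_HEADERS" | weak_cookies
```

On the sample, `missing_headers` lists the five absent headers and `weak_cookies` flags only the `session` cookie, since the `pref` cookie carries all three attributes.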

01. Heartbleed

sslyze --heartbleed 10.10.10.79

02. Sniff Traffic

sudo mitmdump -p 443 --mode reverse:https://<SERVER-IP> --ssl-insecure --flow-detail=3

03. SSL ERRORS

SSL_ERROR_UNKNOWN_CA_ALERT / SSL_ERROR_HANDSHAKE_FAILURE_ALERT

The server rejects the client certificate because it was not issued by a CA it trusts. Create a client certificate signed with the CA's key and import the resulting .pfx into the browser.

## ------------------| Grab certificate
## Save the server's leaf certificate to PublicKey.cert (stdin closed so s_client exits)
openssl s_client -connect IP:443 </dev/null 2>/dev/null | openssl x509 -out PublicKey.cert

## ------------------| Verify/Check certificate
## Extension can also be pem or csr
openssl x509 -in PublicKey.cert -text

## ------------------| Create CA-signed client certificate
### Generate our key
openssl genrsa -out certificate.key 2048
### Generate certificate signing request
### Fill the prompts (Organization defaults to "Internet Widgits Pty Ltd"); set Common Name/email to what the server expects, e.g. FQDN:[email protected]
openssl req -new -key certificate.key -out certificate.csr
### Certificate signing with the CA certificate and its private key
openssl x509 -req -in certificate.csr -CA PublicKey.cert -CAkey PrivateKey.pem -CAcreateserial -out certificate.pem -days 1024 -sha256
### Package in pkcs12 format for browsers
openssl pkcs12 -export -out certificate.pfx -inkey certificate.key -in certificate.pem -certfile PublicKey.cert

04. Extract .crt & .key files from .pfx

## Private key (unencrypted) and client certificate out of the bundle
openssl pkcs12 -in [yourfile.pfx] -nodes -nocerts -out [drlive.key]
openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [drlive.crt]
## Strip the passphrase from the key
openssl rsa -in [drlive.key] -out [drlive-decrypted.key]

## Decrypt a passphrase-protected key and write it as PEM (prompts for the passphrase)
openssl rsa -in [keyfile-encrypted.key] -outform PEM -out [keyfile-encrypted-pem.key]
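The sections 03 and 04 steps run end to end, as an added example that is not part of the original cheat sheet. Because the real CA files are not on the page, the script generates a throw-away CA locally (`ca.cert`/`ca.key` stand in for `PublicKey.cert`/`PrivateKey.pem`), answers the `openssl req` prompts with `-subj`, and finishes with the two checks worth doing in practice: `openssl verify` of the client certificate against the CA, and a modulus comparison proving the key extracted from the .pfx matches the certificate. All file names, subjects and the export password are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original cheat sheet: issue a CA-signed client
# certificate (section 03), bundle it as .pfx, then extract key and cert
# again (section 04) and verify the pieces belong together.
# The locally generated CA and the password "changeit" are constructed values.

# Create a throw-away CA, issue a client certificate signed by it and package it.
# Usage: issue_client_cert <workdir>
issue_client_cert() {
    d=$1
    # Throw-away CA (in the real scenario PublicKey.cert/PrivateKey.pem already exist).
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
    openssl req -x509 -new -key "$d/ca.key" -sha256 -days 365 \
        -subj "/CN=Example Test CA" -out "$d/ca.cert"
    # Client key and CSR; -subj replaces the interactive prompts.
    openssl genrsa -out "$d/certificate.key" 2048 2>/dev/null
    openssl req -new -key "$d/certificate.key" \
        -subj "/CN=client" -out "$d/certificate.csr"
    # Sign the CSR with the CA key: this is what makes the server accept the cert.
    openssl x509 -req -in "$d/certificate.csr" -CA "$d/ca.cert" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/certificate.pem" -days 1024 -sha256 2>/dev/null
    # PKCS#12 bundle for browser import (password is a constructed example value).
    openssl pkcs12 -export -out "$d/certificate.pfx" -inkey "$d/certificate.key" \
        -in "$d/certificate.pem" -certfile "$d/ca.cert" -passout pass:changeit
    # Chain check: the client certificate must validate against the CA.
    openssl verify -CAfile "$d/ca.cert" "$d/certificate.pem" >/dev/null
}

# Section 04: pull key and certificate back out of the .pfx and confirm
# they match (same RSA modulus). Returns non-zero on mismatch.
# Usage: extract_and_check <workdir>
extract_and_check() {
    d=$1
    openssl pkcs12 -in "$d/certificate.pfx" -nodes -nocerts -passin pass:changeit \
        -out "$d/extracted.key"
    openssl pkcs12 -in "$d/certificate.pfx" -clcerts -nokeys -passin pass:changeit \
        -out "$d/extracted.crt"
    openssl rsa -in "$d/extracted.key" -out "$d/extracted-decrypted.key" 2>/dev/null
    cert_mod=$(openssl x509 -in "$d/extracted.crt" -noout -modulus)
    key_mod=$(openssl rsa -in "$d/extracted-decrypted.key" -noout -modulus 2>/dev/null)
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

WORK=$(mktemp -d)
issue_client_cert "$WORK" && extract_and_check "$WORK" && echo "key and certificate match"
```

The modulus comparison is the standard way to tell whether a .key and a .crt pulled out of an unfamiliar bundle actually pair up; a mismatch means the server (or browser) will fail the handshake even though both files look valid on their own.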
