Https

https is a protocol identical to normal http:// which uses a different port (443, not http's port 80) and an additional encryption/authentication layer between HTTP and TCP.

Security[edit]

https provides an additional encryption layer between HTTP and TCP, and that's it.

http will fetch many resources pr. request. (the HTML page, stylesheet, images, etc).
https does not disturb timing much. It does not hide the lenght of request.

Attacks[edit]

Visit SSL websites and profile the requests. Make a list of the requests, retrieved resources and their lenghts.
Then observe the sequence of retrieved resource lenghts of the victim. Compare it to the profiles and you can make a relatively good guess about which page they match.

This can further be used by looking at the links on the web-pages on a https protected website. Guess which pages a user are likely to go to from other pages, and you're able to make a good guess at the sequence.

Additional security[edit]

Tor is a network security tool which protects against traffic analysis. Tor is a excellent way of adding additional protection to protocols such as https and SSH.

Https

Security[edit]

Attacks[edit]

Additional security[edit]

Navigation menu

Page actions

Page actions

Personal tools

Search

Navigation

fun free games

software benchmarks

educational videos

Comparisons

Great software

for beginners

cheat sheets

HOWTO

한국어

confused?

feed reader feeds

try your luck

logs

Tools