When analyzing the communications of a website, one of the scripts commonly used is TestSSL, because it’s a fast way to test the cryptography and certificates of the site. However, the results of this script should not be used as evidence in the final report. That’s why I want to write a summary of how to manually check for SSL/TLS vulnerabilities.
SSH’s port forwarding feature can smuggle various types of Internet traffic into or out of a network. This can be used to avoid network monitoring or sniffers, or bypass badly configured routers on the Internet.
Nmap uses raw IP packets to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
This option is sometimes useful if the application you are targeting employs a thick client component that runs outside of the browser, or a browser plugin that makes its own HTTP requests outside of the browser’s framework. Often, these clients don’t support HTTP proxies, or don’t provide an easy way to configure them to use one.
Some templates I can use when I am doing my posts.
Hello World