
Firefox: HTTPS and response code 407 - stakent
http://lcamtuf.blogspot.com/2013/02/firefox-https-and-response-code-407.html
======
underwater
For those that were wondering, HTTP 407 is "Proxy Authentication Required".

------
stanleydrew
I don't quite understand. If you already went to the trouble to set up a rogue
SSL proxy on a network, can't you just silently inject content into the
original response that would then run in the same origin context?

Surely I'm misunderstanding the meaning of SSL proxy. Can someone explain how
such a thing works?

~~~
stanleydrew
After a bit more reading I realize where the misunderstanding is. The proxy is
just a regular HTTP proxy. You coerce the client into using it using some sort
of forced auto-discovery protocol which would be transparent to the user. Then
the 407 trick makes sense to get JavaScript to execute in the "secure" page's
context, since an HTTP proxy wouldn't have access to the response content of a
request made over HTTPS.

------
mhurron
I have to ask, since I like playing with HTTP 418

HTTP/1.0 407 Boink

What is up with the Boink here?

~~~
eridius
The text after the code doesn't actually matter. It's just there for human
consumption.

~~~
mhurron
Ah thank you. Not particularly surprising since I've never seen anything
beyond the status code checked.
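
------
Added example, not part of the thread or the linked post: a client-side check for a proxy's reply to `CONNECT`, covering both points discussed above (the reason phrase is ignored, and a non-2xx reply is written by the proxy, not by the HTTPS site). The function names, the handling policy and the sample responses are assumptions constructed for illustration.

```python
import re

# status-line = HTTP-version SP status-code SP reason-phrase (reason may be empty)
STATUS_LINE = re.compile(rb"^HTTP/\d\.\d (\d{3})(?: ([^\r\n]*))?$")


def parse_status_line(line: bytes):
    """Return (status_code, reason_phrase); only the code drives behaviour."""
    m = STATUS_LINE.match(line.rstrip(b"\r\n"))
    if m is None:
        raise ValueError("malformed status line")
    return int(m.group(1)), (m.group(2) or b"").decode("latin-1")


def classify_connect_response(raw: bytes) -> dict:
    """Decide how a client should treat a proxy's reply to CONNECT.

    Policy assumed for this example: only a 2xx reply means the tunnel is up
    and later bytes come from the TLS peer. Any other reply was written by
    the proxy in cleartext, so its body must never be rendered or scripted
    in the origin named in the CONNECT request.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    code, reason = parse_status_line(head.split(b"\r\n", 1)[0])
    if 200 <= code <= 299:
        action, untrusted = "start_tls", b""
    elif code == 407:
        action, untrusted = "prompt_proxy_auth", body
    else:
        action, untrusted = "show_browser_error", body
    return {"status": code, "reason": reason, "action": action,
            "untrusted_proxy_body": untrusted}


# Constructed sample replies (not captured traffic).
SAMPLE_407 = (b"HTTP/1.0 407 Boink\r\n"
              b"Proxy-Authenticate: Basic realm=\"example\"\r\n"
              b"Content-Type: text/html\r\n\r\n"
              b"<html>proxy-authored page</html>")
SAMPLE_200 = b"HTTP/1.0 200 Connection established\r\n\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_407, SAMPLE_200):
        print(classify_connect_response(sample))
```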

