Hacker News new | comments | show | ask | jobs | submit login
Firefox: HTTPS and response code 407 (lcamtuf.blogspot.com)
43 points by stakent on Feb 20, 2013 | hide | past | web | favorite | 6 comments

For those that were wondering, HTTP 407 is "Proxy Authentication Required".

I don't quite understand. If you already went to the trouble to set up a rouge SSL proxy on a network, can't you just silently inject content into the original response that would then run in the same origin context?

Surely I'm misunderstanding the meaning of SSL proxy. Can someone explain how such a thing works.

After a bit more reading I realize where the misunderstanding is. The proxy is just a regular HTTP proxy. You coerce the client into using it using some sort of forced auto-discovery protocol which would be transparent to the user. Then the 407 trick makes sense to get JavaScript to execute in the "secure" page's context, since an HTTP proxy wouldn't have access to the response content of a request made over HTTPS.

I have to ask, since I like playing with HTTP 418

HTTP/1.0 407 Boink

What is up with the Boink here?

The text after the code doesn't actually matter. It's just there for human consumption.

Ah thank you. Not particularly surprising since I've never seen anything beyond the status code checked.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact