badssl.com
toxiproxy
badssl.com | toxiproxy | |
---|---|---|
34 | 25 | |
2,740 | 10,313 | |
0.7% | 0.8% | |
2.7 | 6.4 | |
10 months ago | 7 days ago | |
HTML | Go | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
badssl.com
- Badssl.com
- Netsec területen jártas arcok, mi a véleményetek az alábbi LifeProTip-ről?
-
Please Someone give me some website links that say "The site ahead contains harmful programs" or "the site ahead contains malware" on a red screen. Give the direct links. And if you can "the site ahead may charge you money".
Probably to demo it? I wish Google had "this link will always be considered harmful", like the stuff on https://badssl.com/.
-
Intune Management ADMX
With SSLVersionMin, I think TLS 1.0 and TLS 1.1 protocols are already disabled (they were originally going to be disabled in 2020, but it was postponed). If I try going to test pages on https://badssl.com/ that use those protocols, Brave displays an "Unsupported protocol" error page with error code ERR_SSL_VERSION_OR_CIPHER_MISMATCH – with no option for the user to bypass the error page. However, I'm not sure why InTune won't allow you to configure it to TLS 1.2 minimum version anyway.
-
is using a private dns safe ?
See https://badssl.com/, or for a simple example of what happen when you access a page redirected by naughty DNS, set your private DNS to family.adguard-dns.com, then try opening PornHub.
-
Ignore Certificate Errors
.DESCRIPTION This cmdlet tests a URI for connectivity, and checks whether the TLS certificate is valid, expired, expiring soon, and returns information about the certificate when used with InformationLevel 'Detailed'. .PARAMETER Uri Specifies an HTTP/HTTPS URI. For example, https://www.powershellgallery.com .PARAMETER InformationLevel Specifies whether to return detailed information, or a simple $true or $false. .EXAMPLE Test-Uri https://badssl.com/ Returns a detailed TestUriResult with an IsTrusted property value of $true under normal circumstances. .EXAMPLE Test-Uri https://badssl.com/ -InformationLevel Quiet Returns a value of $true under normal circumstances. .EXAMPLE Test-Uri https://expired.badssl.com/ Returns a detailed TestUriResult with an IsExpired property value of $true .EXAMPLE Test-Uri https://expired.badssl.com/ Returns a detailed TestUriResult with an IsExpired property value of $true .EXAMPLE Test-Uri https://tls-v1-1.badssl.com:1011/ -SslProtocol Tls11 Returns a detailed TestUriResult where IsTrusted and UriTestSucceeded are $true, because we've specified to use SslProtocol Tls11. .EXAMPLE Test-Uri https://tls-v1-1.badssl.com:1011/ Returns a detailed TestUriResult where IsTrusted and UriTestSucceeded are $false, because only Tls12 and Tls13 are trusted by default. #> [CmdletBinding()] param ( [Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName, Position = 0)] [uri[]] $Uri, [Parameter()] [System.Security.Authentication.SslProtocols[]] $SslProtocol = @([System.Security.Authentication.SslProtocols]::Tls12, [System.Security.Authentication.SslProtocols]::Tls13), [Parameter()] [ValidateSet('Detailed', 'Quiet')] [string] $InformationLevel = 'Detailed' ) process { [System.Security.Authentication.SslProtocols]$trustedProtocols = 0 $SslProtocol | Foreach-Object { $trustedProtocols = $trustedProtocols -bor $_ } foreach ($address in $Uri) { $result = [pscustomobject]@{ PSTypeName = 'TestUriResult' Uri = $address RemoteAddress = $null RemotePort = $null SourceAddress = $null RemoteCertificate = $null CipherAlgorithm = $null HashAlgorithm = $null SslProtocol = $null TcpTestSucceeded = $false UriTestSucceeded = $false IsExpired = $false IsExpiring = $false IsTrusted = $false } try { $tcpClient = [net.sockets.tcpclient]::new($address.Host, $address.Port) $result.TcpTestSucceeded = $true $result.RemoteAddress = $tcpClient.Client.RemoteEndPoint.Address $result.RemotePort = $tcpClient.Client.RemoteEndPoint.Port $result.SourceAddress = $tcpclient.Client.LocalEndPoint.Address if ($address.Scheme -eq 'https') { $stream = $tcpClient.GetStream() $sslStream = [net.security.sslstream]::new($stream, $false, { $true }) $protocols = 0; [enum]::GetValues([System.Security.Authentication.SslProtocols]) | Where-Object { $_ -match '(Ssl|Tls)' } | Foreach-Object { $protocols = $protocols -bor $_ } $sslStream.AuthenticateAsClient($address.Host, $null, $protocols, $true) $certInfo = [security.cryptography.x509certificates.x509certificate2]::new($sslStream.RemoteCertificate) $result.SslProtocol = $sslStream.SslProtocol $result.RemoteCertificate = $certInfo $result.CipherAlgorithm = $sslStream.CipherAlgorithm $result.HashAlgorithm = $sslStream.HashAlgorithm $result.IsExpired = $certInfo.NotAfter -le (Get-Date) $result.IsExpiring = $certInfo.NotAfter -le (Get-Date).AddDays(30) $result.IsTrusted = $certInfo.Verify() -and ($sslStream.SslProtocol -band $trustedProtocols) $result.UriTestSucceeded = $result.IsTrusted -and !$result.IsExpired -and ($sslStream.SslProtocol -band $trustedProtocols) if (-not ($sslStream.SslProtocol -band $trustedProtocols)) { Write-Warning "The transport layer security protocol $($sslStream.SslProtocol) is not in the list of trusted protocols: $trustedProtocols." } if ($result.IsExpired) { Write-Warning "Certificate for '$address' is expired. Subject='$($result.RemoteCertificate.Subject)'; NotAfter='$($result.RemoteCertificate.NotAfter.ToString('o'))'" } elseif ($result.IsExpiring) { Write-Warning "Certificate for '$address' expires in 30 days or less. Subject='$($result.RemoteCertificate.Subject)'; NotAfter='$($result.RemoteCertificate.NotAfter.ToString('o'))'" } } } catch { Write-Error -ErrorRecord $_ } finally { if ($sslStream) { $sslStream.Dispose() } if ($stream) { $stream.Dispose() } if ($tcpClient) { $tcpClient.Dispose() } } if ($InformationLevel -eq 'Quiet') { $result.UriTestSucceeded } else { $result } } }
-
How Does VPN Protect for Man-in-the-Middle?
Just use https://badssl.com/ to test the various errors.
-
hello guys.I am working on a project and I need an expired digital certificate.Anyone with an expired digital certificate kindly inbox
For developers needing to test responses to various SSL issues there is https://badssl.com. Not my site, but one I use frequently to demonstrate the result of bad/incorrectly configured certificates.
-
Expired SSL/TLS Certificate - consequences/outage?
https://badssl.com/ is a nice website, it shows all the ways ssl can be misconfigured. So you can see how it affects connections.
-
Privaxy: Opensource, extension-less adblocker, manifest v3 resistant
Modern Web Browsers implement robust, thorough control over SSL/TLS connections, including trust list management, protocol downgrade protection, etc. Using an HTTPS interception proxy therefore means the proxy has to implement all those controls, properly. At the very least, this shouldn't have any problems connecting to https://badssl.com/ (Google's test site, although I don't think this is currently maintained).
toxiproxy
-
Speedbump – a TCP proxy to simulate variable network latency
Checkout also shopify's awesome tool called toxiproxy: https://github.com/Shopify/toxiproxy
It turns out to be also a very good way to test a networking library by implementing it. Since your stack needs to be able to basically handle most adverse events properly.
The idea behind 'chaos engineering' is cool.
- Toxiproxy – simulate network and system conditions for chaos testing
-
Twenty-five open-source network emulators and simulators you can use in 2023
I use this to simulate delays between various local services:
https://github.com/Shopify/toxiproxy
If you have Docker all you need is a few terminal commands
-
Artificially Producing Poor Internet?
Idk about firewall level, but application level I’d recommend https://github.com/Shopify/toxiproxy
-
Regarding default TCP setting in Golang and how it effects speed
That's why I usually recommend anybody that develops network critical apps to test their app with something like toxiproxy and purposfully mess with their connections and simulate network issues.
-
Performance testing with slow connection and packet loss
We use this thing. https://github.com/Shopify/toxiproxy I am not sure that it supports windows, but you can install it to the Linux machine and route your application under the test to that proxy.
-
Speedbump - a TCP proxy for simulating variable network latency
On the same vibes as https://github.com/Shopify/toxiproxy
-
Ask HN: How do I force network failures during development against remote APIs?
https://github.com/Shopify/toxiproxy is a perfect solution for that. I used it quite successfully years ago and it looks like it's still pretty active.
-
Is there a tool to control bandwidth for debugging purposes?
Looking at the toxiproxy you mentioned, it seems like it should do what you want though? TLS is generally over TCP anyway, so it should still be able to throttle those connections - it just wont understand the encryption. I also saw a pull request for having it act as a TLS man-in-the-middle proxy: https://github.com/Shopify/toxiproxy/pull/270
What are some alternatives?
SSLContext-Kickstart - 🔐 A lightweight high level library for configuring a http client or server based on SSLContext or other properties such as TrustManager, KeyManager or Trusted Certificates to communicate over SSL TLS for one way authentication or two way authentication provided by the SSLFactory. Support for Java, Scala and Kotlin based clients with examples. Available client examples are: Apache HttpClient, OkHttp, Spring RestTemplate, Spring WebFlux WebClient Jetty and Netty, the old and the new JDK HttpClient, the old and the new Jersey Client, Google HttpClient, Unirest, Retrofit, Feign, Methanol, Vertx, Scala client Finagle, Featherbed, Dispatch Reboot, AsyncHttpClient, Sttp, Akka, Requests Scala, Http4s Blaze, Kotlin client Fuel, http4k Kohttp and Ktor. Also gRPC, WebSocket and ElasticSearch examples are included
rkt
cryptonice - CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration and supporting protocols such as HTTP2 and DNS.
heka - DEPRECATED: Data collection and processing made easy.
RootTheBox - A Game of Hackers (CTF Scoreboard & Game Manager)
Hugo - The world’s fastest framework for building websites.
httpbin - HTTP Request & Response Service, written in Python + Flask.
Juju - Orchestration engine that enables the deployment, integration and lifecycle management of applications at any scale, on any infrastructure (Kubernetes or otherwise).
Firefox-UI-Fix - 🦊 I respect proton UI and aim to improve it.
nes - NES emulator written in Go.
e2guardian - E2guardian is a web content filter that can work in proxy, transparent or icap server modes
pwc - Password card generator