Our great sponsors
-
vulnerable-by-design
Node.js security best practices. Each practice demonstrates a vulnerable mini-project example and how to secure it.
-
mkcert
A simple zero-config tool to make locally trusted development certificates with any names you'd like.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
mitmproxy
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
You can find a vulnerable project demonstrating the SSLstrip attack in the series repo.
1. Generate a local root Certificate Authority (CA). For the test to be realistic, we need a website protected with a valid (as the browser sees it) certificate. mkcert is a great tool that makes it simple to generate TLS certificates for local development.
3. Build the Docker image. It is based on the official Node.js image. It also contains mitmproxy to simulate the MITM router as well as a script to facilitate the SSLstrip attack.