Saturday, July 12, 2008

Sniffing Apache over Windows with PHP program

I do not know if this fits here very well but as long as some of simpleSAMLphp users are using Apache over Windows I have thought that this information could be useful.

It has been shown that due to the way that Apache binds to port 80 in Windows environments, it is possible from a php program hosted in an Apache Server in Windows to gain access to any traffic being sent to the server. I attach a more detailed explanation and a video showing a proof of concept:

No comments: