JoshCheek/mithm.txt

## mithm.txt
Note 1:
  "cpez" represents an encrypted body bc
  "cpez" == "body".chars.map(&:succ).join

Note 2:
  :80  means "port 80",  ie HTTP
  :443 means "port 443", ie HTTPS

SSL Strip (I think):
  Browser            MitM              Server
     | -- GET :80/ -> |  -- GET :80/  -> |
     |                |  <- 302 :443/ -- |
     |                |  -- GET :443/ -> |
     |                |  <- 200 cpez  -- |
     | <- 200 body -- |                  |

My hypothesis:
  Server could track your public key from previous logins
  then when MitM tries to handshake, server could realize
  that the key is different. IDK if this will work, b/c
  there's no reason to think you can't change your key
  (eg probably changes across browsers / devices)
	Note 1:
	"cpez" represents an encrypted body bc
	"cpez" == "body".chars.map(&:succ).join

	Note 2:
	:80 means "port 80", ie HTTP
	:443 means "port 443", ie HTTPS

	SSL Strip (I think):
	Browser MitM Server
	\| -- GET :80/ -> \| -- GET :80/ -> \|
	\| \| <- 302 :443/ -- \|
	\| \| -- GET :443/ -> \|
	\| \| <- 200 cpez -- \|
	\| <- 200 body -- \| \|

	My hypothesis:
	Server could track your public key from previous logins
	then when MitM tries to handshake, server could realize
	that the key is different. IDK if this will work, b/c
	there's no reason to think you can't change your key
	(eg probably changes across browsers / devices)