You can easily use Fiddler to evaluate what algorithms a client is using to connect to an HTTPS server. First, adjust Fiddler’s configuration using Tools > Fiddler Options to enable capture of CONNECT tunnels but disable decryption. Disabling decryption is necessary because Fiddler decrypts traffic using an HTTPS man-in-the-middle technique, which means that… Continue reading “Viewing HTTPS Handshakes in Fiddler”
Category Archives: security
Duct Tape and Baling Wire–Cookie Prefixes
Update: Cookie Prefixes are supported by Chrome 49, Opera 36, and Firefox 50. Test page; no status from the Edge team. A new cookie feature called SameSite Cookies has been shipped by Chrome, Firefox and Edge; it addresses slightly different threats. When I worked on Internet Explorer, we were severely constrained on development resources. While… Continue reading “Duct Tape and Baling Wire–Cookie Prefixes”
Help–The Whole Web Thinks I’m Using IE7!!!
Every few weeks for the last six or so years, I see someone complain on Twitter or in forums that the entire Internet seems to think they’re running an old version of IE. For instance, an IE11 user on Windows 8.1 might see the following warning on Facebook. These warnings typically occur when the browser… Continue reading “Help–The Whole Web Thinks I’m Using IE7!!!”
Brotli
2022 Update: Brotli is requested by 94% of browsers, offers great performance, and works amazingly well on Web Assembly code. If you’re still using GZIP today, you should update! Regular readers of my blog know how much I love Zopfli, Google’s compression engine that often shrinks output by 5% or better when compared to the… Continue reading “Brotli”
Stupid (useful) Windows Shell Tricks
RunAsUser: Back in the Windows Vista timeframe, the existing RunAs verb for ShellExecute was changed. Instead of prompting the user to run the target as a different user (e.g. the experience you get when you Shift-Right-Click on an app), it instead would treat the call as “Run the target as an Elevated Administrator”. Well, what… Continue reading “Stupid (useful) Windows Shell Tricks”