Open deknos opened 3 years ago
Most of badssl.com is just a tree of nested nginx
configs that happen to be serving static files. You're welcome to fork and replace the static content in places like this:
(I don't think it would make a lot of sense to add to the root project itself, though.)
so we can like practically show the SSL problems on real shops? So Users can send data and perhaps even show that on a separate instance
I'm not quite sure what you mean, but I'd like to encourage you to make sure not to put any real users at risk. That would be bad for the users, and might get you in trouble for bad data privacy practices.
I'm not quite sure what you mean, but I'd like to encourage you to make sure not to put any real users at risk. That would be bad for the users, and might get you in trouble for bad data privacy practices.
Hi, i'm not sure, you understood me. juiceshop is a software which anyone can setup/use for learning about security vulnerabilities. like DWVA or DVL back in the day. The idea would be, not only hacking juiceshop with their XSS-Problems, but also combining that with the SSL problems. that makes it even more.. realistic and people understand, why you want good working SSL on your site.
Hello, is it possible/how hard would it be to use badssl as kind of an reverse proxy with juiceshop? so we can like practically show the SSL problems on real shops? So Users can send data and perhaps even show that on a separate instance, because the SSL encryption/certificate verification is broken?