• .NET

    Evaluating Certificates in Fiddler and FiddlerCore

    In this post, I’ll demonstrate a proposal called Convergence, which attempts to detect targeted attacks against HTTPS traffic—for instance, from within a specific locale or country. Here’s how Convergence works: when the client connects to a HTTPS site, it obtains its certificate. It then consults a set of servers around the world, called notaries, and checks to see whether the site in question is sending the same certificate to all of those servers as well.
    January 03, 2013