top | item 46806551


jmuncor | 1 month ago

Just fixed it and implemented a simple http relay, eliminating the mitmproxy and the ssl_insecure=true. The new implementation uses TLS verification; doing the last tests and merging it... After the merge, can you check it out and tell me if I earned your star? :D
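
The relay jmuncor describes (plain HTTP in from the client, verified TLS out to the upstream, no ssl_insecure anywhere) sketched as an added example; this is not the project's code, and UPSTREAM is a placeholder since the thread does not name the real upstream:

```python
import http.client
import ssl
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

UPSTREAM = "https://upstream.example"  # placeholder; the thread does not name the real upstream
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
              "te", "trailers", "transfer-encoding", "upgrade", "host"}

def make_upstream_context(ssl_insecure=False):
    """TLS context for upstream connections. Fails closed: asking for the old
    mitmproxy-style ssl_insecure behaviour is an error, never a silent downgrade."""
    if ssl_insecure:
        raise ValueError("ssl_insecure is not supported; upstream certificates are always verified")
    # System CA bundle, verify_mode=CERT_REQUIRED and check_hostname=True by default.
    return ssl.create_default_context()

def forward_headers(headers):
    """Copy client headers minus hop-by-hop ones (and Host, which http.client sets itself)."""
    return {k: v for k, v in headers.items() if k.lower() not in HOP_BY_HOP}

def relay(method, url, headers, body, ctx):
    """One verified HTTPS request upstream; returns (status, response headers, body)."""
    u = urlsplit(url)
    if u.scheme != "https":  # never forward over plaintext, even if the client asks
        raise ValueError("relay only forwards to https:// upstreams")
    conn = http.client.HTTPSConnection(u.hostname, u.port or 443, context=ctx, timeout=10)
    try:
        target = (u.path or "/") + (f"?{u.query}" if u.query else "")
        conn.request(method, target, body=body, headers=forward_headers(headers))
        resp = conn.getresponse()
        return resp.status, resp.getheaders(), resp.read()
    finally:
        conn.close()

class RelayHandler(BaseHTTPRequestHandler):
    ctx = make_upstream_context()  # built once; any attempt to disable verification fails here

    def do_GET(self):
        status, hdrs, data = relay("GET", UPSTREAM + self.path, self.headers, None, self.ctx)
        self.send_response(status)
        for k, v in hdrs:
            if k.lower() not in HOP_BY_HOP | {"content-length"}:
                self.send_header(k, v)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), RelayHandler).serve_forever()
```

The point of `make_upstream_context` is that the insecure option has no code path at all, so a debugging flag cannot survive into a release the way the thread describes.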

catlifeonmars | 1 month ago

I’m not sure you fully understand the implications of the misconfiguration of mitmproxy there. Effectively you provided an easily accessible front door for remote code execution on a user’s machine.

No offense, but I wouldn’t trust anything else you published.

I think it’s great that you are learning and it is difficult to put yourself out there and publish code, but what you originally wrote had serious implications and could have caused real harm to users.

jmuncor | 1 month ago

Ohh my, no offense taken... The next time I will be a lot more careful with the stuff that I put out there. Learning and getting the hang of it; I would love it if you would comment, either on the code or here, on any other things you think could be improved. I am in the process of getting better and appreciate all the blunt and transparent feedback. No one grows out of praise.

throwaway277432 | 1 month ago

>tell me if I earned your star

Since you asked: Not in a million years, no.

A bug of this type is either an honest typo or a sign that the author(s) don't take security seriously. Even if it were a typo, any serious author would've put a large FIXME right there when adding that line disabling verification. I know I would. In any case a huge red flag for a mitm tool.

Seeing that it's vibe coded leads me to believe it's due to AI slop, not a simple typo from debugging.

jmuncor | 1 month ago

I love the real feedback tbh, I am still learning, and want to learn as much as possible. I would love it if you could review it and tell me bluntly, either in the repo or here, the things that should be improved. I would love to learn more from you and get better :D

ewuhic | 1 month ago

You don't understand what you're doing, and never will. Throw away all computing devices you've got.