Tips for pen testing a non-standard HTTPS server?

I'm working with the developer of a game to pentest their login server. Their login server does not respond to GET requests but it does respond to POST requests if they're crafted properly. Since it's a working login server, I can access their login server normally through the game client. How would I decrypt the game client's traffic from my end so I can peek into the communications? Would I have to try to man-in-the-middle or decompile the game client?
1 Reply
comptia guninvalid+ certified
I will add: the server appears to be encrypted through SSL, not TLS. idk if that changes much but if it does. nmap -sV gave it a big fat https?
