PaiMei, is a reverse engineering framework consisting of multiple extensible components. The framework can essentially be thought of as a reverse engineer’s swiss army knife and has already been proven effective for a wide range of both static and dynamic tasks such as fuzzer assistance, code coverage tracking, data flow tracking and more.

via OpenRCE/paimei ยท GitHub.

Working on a WCF service with transport security using client certificates for credentials, I came across this error today:

“The SSL settings for the service ‘SslRequireCert’ does not match those of the IIS ‘Ssl’.”

Having figured out what the issue is, now the message is obvious but before I had the solution, google search lead me nowhere. I finally figured it that IIS’s default setting for handling client side certificate is to ignore them. Once I changed it from “Ignore” to “Accept”, the service started working.

As a recap here is the simplified configuration of the service:

<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled=”true”/>
<services>
<service name=”MyServiceName” behaviorConfiguration=”ServiceBehavior”>
<endpoint address=”” binding=”basicHttpBinding” bindingConfiguration=”AuthenticatedSoap11Binding” contract=”IMyServiceContract” />
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name=”AuthenticatedSoap11Binding” transferMode=”Buffered”>
<security mode=”Transport”>
<transport clientCredentialType=”Certificate” />
</security>
</binding>
</basicHttpBinding>
</bindings>
</system.serviceModel>

Here is a screenshot of the Setting in IIS:

IIS Client Certificate Settings

Qubes is an open source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. In the future it might also run Windows apps. [more]

via Home.