Question: Some websites use SSL/TLS connections when logging in users.
These connections are encrypted and therefore cannot be intercepted by web
proxies. Does Impostor work with such websites?
Answer: Yes. Whenever a website requests an SSL/TLS connection, Impostor sets
up two such connections: one to the website (the "server-side"
connection) and one to the browser (the "client-side" connection).
Impostor sits in the middle; it decrypts the traffic on the one SSL/TLS
connection, intercepts the traffic, and then re-encrypts before forwarding it on
the other SSL/TLS connection. In this way, Impostor continues to work normally even in the
context of SSL/TLS connections while websites remain unaware of Impostor's
presence. However, because client-side SSL/TLS connections are set up
with Impostor's public key certificate (rather than the website's), your browser
may complain about the certificate not matching the website.
Question: Which versions of HTTP does Impostor support?
Answer: Currently, it supports version 1.0 and version 1.1. However, Impostor
does not currently support persistent HTTP connections. Impostor downgrades HTTP
1.1 connections to version 1.0 "on the fly". This means that no
special adjustments need to be made in the browser. However, in some
circumstances, it may have an impact on efficiency. In future versions this
limitation will be removed.
Practical Questions
Question: What is the set of SSO-enabled websites?
Answer: Currently, Impostor provides Single Sign-On for the following
websites.
Microsoft Hotmail (www.hotmail.com)
Yahoo Mail (secure login version) (mail.yahoo.com)
Royal Holloway, University of London Webmail (webmail.rhul.ac.uk)
Question: Can you include XYZ in the list of SSO-enabled websites?
Answer: Impostor has been successfully tested with Microsoft Internet
Explorer, Netscape, Mozilla and Konqueror. Most probably, it will work with
other browsers, too! If you have tested Impostor with some other browser, please
let us know!
Question: When I browse using the Impostor proxy, I sometimes get a
"security warning" saying that "there is a problem with the
website's certificate" or something similar. Is this normal?
Answer: Yes (see the first question in this FAQ). The browser expects to see
the website's certificate but it actually sees Impostor's certificate. You
should make sure, however, that it actually is Impostor's
certificate.
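The check recommended above, as an added example (not part of Impostor or of this FAQ): compare the SHA-256 fingerprint of the certificate presented through the proxy with a fingerprint you recorded from your own Impostor installation. It assumes the proxy accepts an HTTP CONNECT request for SSL/TLS sites; the function names, the proxy address and the pinned value passed on the command line are hypothetical.

```python
import hashlib
import hmac
import socket
import ssl
import sys

def fingerprint(der_cert):
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()

def normalize(fp):
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex, as browsers and tools show it."""
    return fp.replace(":", "").replace(" ", "").lower()

def is_pinned_cert(der_cert, pinned_fp):
    """True only if the presented certificate is exactly the pinned one."""
    return hmac.compare_digest(fingerprint(der_cert), normalize(pinned_fp))

def cert_via_proxy(proxy, host, port=443):
    """Return the DER certificate seen on the client-side connection.

    Assumption: the proxy answers CONNECT with a 200 status line.
    """
    sock = socket.create_connection(proxy, timeout=10)
    sock.sendall(f"CONNECT {host}:{port} HTTP/1.0\r\n\r\n".encode("ascii"))
    reply = b""
    while b"\r\n\r\n" not in reply:
        chunk = sock.recv(4096)
        if not chunk:
            break
        reply += chunk
    status = reply.split(b"\r\n", 1)[0].split(b" ")
    if len(status) < 2 or status[1] != b"200":
        sock.close()
        raise ConnectionError("proxy refused CONNECT: %r" % reply[:60])
    # Chain validation is switched off on purpose: the certificate is expected
    # not to match the website, so trust comes only from the pin comparison.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with ctx.wrap_socket(sock, server_hostname=host) as tls:
        return tls.getpeercert(binary_form=True)

if __name__ == "__main__":
    # Usage: check.py <proxy-host> <proxy-port> <website> <pinned-fingerprint>
    proxy_host, proxy_port, site, pinned = sys.argv[1:5]
    der = cert_via_proxy((proxy_host, int(proxy_port)), site)
    ok = is_pinned_cert(der, pinned)
    print("Impostor certificate" if ok else "UNEXPECTED certificate", fingerprint(der))
    sys.exit(0 if ok else 1)
```

A mismatch means the certificate on the client-side connection is neither the one you pinned nor necessarily the website's own, so the warning should not be clicked through.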
Other Questions
Question: Why is the web proxy called "Impostor"?
Answer: Because it intercepts SSL/TLS connections (see the first question of this FAQ). This
behavior, although perfectly legitimate in the scenario of Single Sign-On, has
certain similarities with the behavior of someone, an "Impostor",
trying to mount a specific type of network attack (called a
"man-in-the-middle" attack).
Question: I would like to support the Impostor project. How can I do that?