bytemonkk/ShadowSentinel

ShadowSentinel

Exploring HTTP/HTTPS Security Through Controlled Downgrade Attack Simulations


Overview

ShadowSentinel is a hands-on exploration of HTTP and HTTPS communication through controlled security experiments conducted in an isolated virtual environment.

The project explores how protocol downgrade scenarios can occur under insecure configurations and examines how modern web security mechanisms—including HSTS, TLS certificate validation, and browser security policies—help defend against them.

Rather than claiming to "break HTTPS," ShadowSentinel focuses on understanding protocol behavior, experimenting with real-world security concepts, and learning how modern browsers and transport-layer protections mitigate downgrade attacks in authorized environments.


Highlights

  • HTTP & HTTPS communication analysis
  • Controlled protocol downgrade simulation
  • Browser security mechanism evaluation
  • TLS certificate validation study
  • HSTS behavior analysis
  • Network traffic inspection
  • Fully isolated virtual environment

Technology Stack

| Category | Technologies |
|---|---|
| Operating System | Kali Linux |
| Virtualization | VMware |
| Network Analysis | Wireshark |
| Proxy & Inspection | Burp Suite |
| Browser | Firefox |

Objectives

  • Study HTTP and HTTPS communication
  • Observe protocol behavior under controlled conditions
  • Analyze downgrade scenarios in isolated environments
  • Understand browser security protections
  • Evaluate modern defensive mechanisms
  • Document security observations

Security Mechanisms Studied

  • HTTP Strict Transport Security (HSTS)
  • TLS Certificate Validation
  • Browser Security Policies
  • Mixed Content Protection
  • Secure Transport Enforcement
  • HTTPS Redirect Policies
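
Two of the mechanisms listed above, HSTS and HTTPS redirect policies, can be checked from the defender's side by inspecting response headers. The following is an added example, not code from the ShadowSentinel repository: it parses the Strict-Transport-Security header as RFC 6797 defines it and flags responses that leave room for a protocol downgrade. The host `lab.example`, the finding names, and the 180-day `MIN_MAX_AGE` threshold are assumptions made for illustration.

```javascript
// Added example: audit observed response metadata for downgrade exposure.
const MIN_MAX_AGE = 15552000; // assumed 180-day review threshold, not from the page

// Parse a Strict-Transport-Security value (RFC 6797, section 6.1).
function parseHsts(value) {
  const policy = { maxAge: null, includeSubDomains: false, preload: false };
  const seen = new Set();
  for (const raw of value.split(";")) {
    const part = raw.trim();
    if (!part) continue;
    const [name, ...rest] = part.split("=");
    const key = name.trim().toLowerCase();
    if (seen.has(key)) return null; // a repeated directive invalidates the header
    seen.add(key);
    const val = rest.join("=").trim().replace(/^"(.*)"$/, "$1");
    if (key === "max-age") {
      if (!/^\d+$/.test(val)) return null; // must be a non-negative integer
      policy.maxAge = Number(val);
    } else if (key === "includesubdomains") policy.includeSubDomains = true;
    else if (key === "preload") policy.preload = true; // preload-list convention, not RFC
  }
  return policy.maxAge === null ? null : policy; // max-age is required
}

// Audit one response: { url, status, headers } with lower-case header names.
function auditResponse(resp) {
  const findings = [];
  const sts = resp.headers["strict-transport-security"];
  if (new URL(resp.url).protocol === "http:") {
    const loc = (resp.headers["location"] || "").toLowerCase();
    const redirect = resp.status >= 300 && resp.status < 400;
    if (!(redirect && loc.startsWith("https://"))) findings.push("http-no-https-redirect");
    if (sts) findings.push("hsts-over-http-ignored"); // RFC 6797 8.1: UA ignores it
    return findings;
  }
  if (!sts) return ["hsts-missing"];
  const policy = parseHsts(sts);
  if (!policy) return ["hsts-invalid"];
  if (policy.maxAge === 0) findings.push("hsts-max-age-zero"); // clears a cached policy
  else if (policy.maxAge < MIN_MAX_AGE) findings.push("hsts-short-max-age");
  if (!policy.includeSubDomains) findings.push("hsts-no-includesubdomains");
  return findings;
}

// Constructed sample responses for a hypothetical lab host.
const SAMPLES = [
  { url: "http://lab.example/", status: 200, headers: { "strict-transport-security": "max-age=31536000" } },
  { url: "https://lab.example/", status: 200, headers: { "strict-transport-security": "max-age=300" } },
];
for (const s of SAMPLES) console.log(s.url, auditResponse(s));
```

An empty findings array means the response neither serves content over plain HTTP nor weakens the cached HSTS policy.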

Repository Insights

Topics include:

  • Experimental setup
  • Network topology
  • Protocol observations
  • Browser behavior
  • Defensive mechanisms
  • Conclusions

Ethical Notice

This repository is intended solely for educational, defensive, and security research purposes.

All experiments were conducted within an isolated virtual environment on systems owned by or explicitly authorized for testing. The repository does not encourage or endorse unauthorized access, testing, or misuse of computer systems or networks.


ShadowSentinel
Exploring Web Security Through Responsible Research

About

Built a controlled virtual environment to simulate HTTPS downgrade attacks using client-side JavaScript in an authorized lab and analyzed how HSTS, TLS certificate validation, and modern browser security policies defend against protocol downgrade attacks.
