Dailydave mailing list archives
SSL MITM fun.
From: Dan Moniz <dnm () pobox com>
Date: Thu, 19 Feb 2009 13:04:33 -0500
On Thu, Feb 19, 2009 at 12:07 PM, Dave Aitel <dave () immunityinc com> wrote:
> This is a good presentation.
> https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf
>
> Essentially he details 3 attacks (from what I can tell):
>
> 1. Register a .cn address and use Unicode characters for / and ? to have
> HTTPS://www.paypal.com/?domain.cn?<some args> validate
Unless I'm missing something, this is essentially what Eric Johanson said in 2005 about IDN: http://www.shmoo.com/idn/homograph.txt
> 2. Force user to stay on HTTP by MITM proxy that does modifications to the
> data as it goes through. Send HTTPS to the server, and HTTP to the client.
> Use a lock icon as your favicon to fool the user they are "secure" even
> though they see HTTP:// instead of HTTPS://
>
> 3. Sign the leaf cert with your leaf cert. This abuses an implementation
> flaw in OpenSSL, etc.
If you can sit between endpoints, modify traffic, and you control one of the eventual endpoints anyway, and you're only jumping through all these hoops to maintain the illusion for the unsuspecting user, why not just take control of DNS and *actually* MITM SSL?

--
Dan Moniz <dnm () pobox com> [http://pobox.com/~dnm/]
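Attack 1 above works because a browser splits the URL only on ASCII delimiters, so look-alike code points for / and ? stay inside the host name and the request resolves under the attacker's registrable domain. The following is an added example, not code from the thread or from the slides, that inspects a URL from the defender's side and flags that mismatch; the look-alike table, `extract_host`, `inspect_host` and the sample URLs are constructed for illustration, and the "last two labels" rule stands in for a Public Suffix List lookup.

```python
import re
import unicodedata

# Code points that render like the URL delimiters '/' and '?' but are legal
# inside a host label. Constructed starter list; a production check would
# load the Unicode confusables table instead.
DELIMITER_LOOKALIKES = {
    "\u2044": "/",  # FRACTION SLASH
    "\u2215": "/",  # DIVISION SLASH
    "\uff0f": "/",  # FULLWIDTH SOLIDUS
    "\uff1f": "?",  # FULLWIDTH QUESTION MARK
}


def extract_host(url):
    """Return the host of url, splitting only on ASCII delimiters.

    Non-ASCII look-alikes of '/' and '?' stay inside the host, which is
    why the disguised URL resolves under the attacker's domain.
    """
    _, _, rest = url.partition("://")
    authority = re.split(r"[/?#]", rest, maxsplit=1)[0]
    authority = authority.rpartition("@")[2]   # drop any userinfo
    return authority.split(":")[0].lower()     # drop any port (no IPv6 literals)


def inspect_host(url):
    """Return (apparent_host, registrable_domain, lookalikes).

    apparent_host: what the user reads up to the first disguised delimiter.
    registrable_domain: last two labels of the real host (simplification).
    lookalikes: (index, char, Unicode name) of each disguised delimiter.
    """
    host = extract_host(url)
    lookalikes = [(i, c, unicodedata.name(c))
                  for i, c in enumerate(host) if c in DELIMITER_LOOKALIKES]
    apparent = host[:lookalikes[0][0]] if lookalikes else host
    registrable = ".".join(host.split(".")[-2:])
    return apparent, registrable, lookalikes


def is_disguised(url):
    """True when the host the user reads is not under the domain that resolves."""
    apparent, registrable, lookalikes = inspect_host(url)
    return bool(lookalikes) and not apparent.endswith(registrable)


# Constructed samples: the first reads as paypal.com but resolves under domain.cn.
DISGUISED_URL = "https://www.paypal.com\u2044cgi-bin\uff1fcmd=login.domain.cn/"
LEGIT_URL = "https://www.paypal.com/cgi-bin?cmd=login.domain.cn"

if __name__ == "__main__":
    for u in (DISGUISED_URL, LEGIT_URL):
        print(inspect_host(u), "disguised:", is_disguised(u))
```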