Full Disclosure mailing list archives
Interception of SSL 3 communication
From: Eli Feigin <feiginml () gmail com>
Date: Tue, 14 Feb 2006 19:03:36 +0200
I am trying to perform a man in the middle attack on a local client application. The application client (VB application) uses a client side certificate located on a smart card (GEMPLUS) to encrypt co communication with the server (Java servlet). All I know is that the application accesses a url like this: https:// www.thesite.com via SSL 3. I don't have the source of the client code, but I would like to view/alter the communication in some way. When the card is inserted IE is able to view the certificate, and export it in several formats. I tried Paros to intercept the communication but I couldn't meet its certificate requirements. Thanks to anyone who can help me intercept the communication.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Interception of SSL 3 communication Eli Feigin (Feb 14)