Dailydave mailing list archives

Re: SSL MITM fun.


From: Alexander Sotirov <alex () sotirov net>
Date: Thu, 19 Feb 2009 15:07:35 -0500

On Thu, Feb 19, 2009 at 01:04:33PM -0500, Dan Moniz wrote:
> On Thu, Feb 19, 2009 at 12:07 PM, Dave Aitel <dave () immunityinc com> wrote:
> > 1. Register a .cn address and use unicode character for / and ? to
> > have HTTPS://www.paypal.com/?domain.cn?<some args> validate
>
> Unless I'm missing something, this is essentially what Eric Johanson
> said in 2005 about IDN:
> http://www.shmoo.com/idn/homograph.txt

Eric used the IDN to register pаypal.com (with a Cyrillic 'а', U+0430), which was displayed as
paypal.com. According to Moxie's presentation, this doesn't work any more
because Firefox always shows the non-IDN version of the domain name for
the .com TLD. Firefox will show the above domain as xn--pypal-4ve.com.

The new idea in this presentation is to use a .cn domain, but use UNICODE
characters that look like '/'. The attacker registers a domain like
www.google.com/blahblahblah.cn, and since this is a .cn domain, the
browser decodes the IDN name and displays the '/' character. Very cool.

This means that as long as there is one TLD which allows IDN, attackers
can spoof any address in any other TLD. IDN is dead.

> > 3. Sign the leaf cert with your leaf cert. This abuses an
> > implementation flaw in OpenSSL, etc.
>
> If you can sit between endpoints, modify traffic, and you control one
> of the eventual endpoints anyway, and only you're jumping through all
> these hoops to maintain the illusion for the unsuspecting user, why
> not just take control of DNS and *actually* MITM SSL?

No, even if you sit between endpoints you are not necessarily in control
of the endpoints. For example, sitting in a Starbucks will let you modify
the traffic for other WiFi clients, but you don't have access to the
clients themselves.

What do you mean by "actually MITM SSL"? The leaf signing attack described
above is real MITM on SSL.

Alex
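A defender-side check that follows from the thread: a URL filter, proxy or phishing-report triage script that decodes IDN labels and flags the two tricks discussed (a mixed-script label such as the Cyrillic-'a' paypal, and a label containing characters that render like '/' or '?' so a .cn host can masquerade as a path on another site). The Python below is an added example written for this page, not code from the thread, from Moxie's presentation or from any browser; the lookalike table, the script heuristic and the sample hostnames are constructed illustrations. `to_ascii()` reproduces the display fallback the thread attributes to Firefox for .com (showing `xn--pypal-4ve.com` instead of the homograph).

```python
import unicodedata

# Non-ASCII characters that render like the ASCII URL delimiters a user
# relies on to tell the host from the path.  Illustrative, not exhaustive.
DELIMITER_LOOKALIKES = {
    "\u2044": "/",  # FRACTION SLASH
    "\u2215": "/",  # DIVISION SLASH
    "\u29f8": "/",  # BIG SOLIDUS
    "\uff0f": "/",  # FULLWIDTH SOLIDUS
    "\uff1f": "?",  # FULLWIDTH QUESTION MARK
    "\u2024": ".",  # ONE DOT LEADER
    "\uff0e": ".",  # FULLWIDTH FULL STOP
}
URL_DELIMITERS = "/?.@:#"


def decode_label(label):
    """Return the Unicode form of one hostname label (punycode 'xn--' or plain)."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: inspect the raw label instead
    return label


def to_ascii(host):
    """Display fallback: every non-ASCII label shown as its xn-- punycode form."""
    out = []
    for label in host.split("."):
        label = decode_label(label)
        if label.isascii():
            out.append(label)
        else:
            out.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(out)


def scripts_in(label):
    """Scripts of the letters in a label, using the first word of the
    Unicode character name (LATIN, CYRILLIC, GREEK, ...) as a heuristic."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def homograph_findings(host):
    """Return (raw_label, reason) pairs; an empty list means nothing suspicious."""
    findings = []
    for raw in host.split("."):
        label = decode_label(raw)
        if label.isascii():
            continue
        for ch in label:
            # Explicit lookalike table first, then compatibility characters
            # (e.g. fullwidth forms) that NFKC folds onto a real delimiter.
            ascii_form = DELIMITER_LOOKALIKES.get(ch)
            if ascii_form is None:
                folded = unicodedata.normalize("NFKC", ch)
                if folded in URL_DELIMITERS:
                    ascii_form = folded
            if ascii_form is not None:
                findings.append((raw, "U+%04X looks like %r" % (ord(ch), ascii_form)))
        scripts = scripts_in(label)
        confusable = scripts & {"CYRILLIC", "GREEK"}
        if "LATIN" in scripts and confusable:
            findings.append((raw, "mixes Latin with " + ", ".join(sorted(confusable))))
    return findings


if __name__ == "__main__":
    # Constructed sample hostnames: the 2005 homograph and the '/'-lookalike trick.
    for sample in ("www.example.com",
                   "xn--pypal-4ve.com",
                   "www.paypal.com\u2044login.cn"):
        print(sample, "->", to_ascii(sample), homograph_findings(sample))
```

The script heuristic is deliberately coarse (letters only, by character-name prefix); a production filter would use the Unicode confusables data and the registry's own IDN tables, but the structure of the check, decode the label and then look at what the user would actually see, is the same.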

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
