SSL And TLS Attacks | SSL Man In The Middle
In our last post we discussed a little about attacking weak ciphers in this post we will have our look on how a Man In The Middle (MITM) attacks can be performed over SSL and TSL encrypted data transfer. The attack uses SSL strip developed by Moxie Marlin Spike with a ARP spoofing tool and a packet sniffer. The attack can be exclusively performed from UNIX and Linux based platforms hence I suggest you to use Dsniff. Practically SSL strip was developed to demonstrate how an attacker can lead visitors to visit his/her site from legitimate site. The attack used misinterpretation of null characters vulnerability which existed in several certificates during 2009.
0 comments:
Post a Comment