
SSL Man-in-the-Middle Attack over Wireless

SSL Man-in-the-Middle Attack over Wireless. Vivek Ramachandran, http://www.SecurityTube.Net. What is Man-in-the-Middle? It is an attack in which a Hacker places himself in between his potential victim and the host that victim communicates with.


Presentation Transcript


  1. SSL Man-in-the-Middle Attack over Wireless. Vivek Ramachandran, http://www.SecurityTube.Net

  2. What is Man-in-the-Middle?
     • It is an attack in which a Hacker places himself in between his potential victim and the host that victim communicates with
     • He is able to see / manipulate all traffic sent between the two
     • Because of the nature of the attack it has to happen at Layer 2

  3. Tools of the Trade
     • Atheros chipset based wireless card (preferred)
     • Madwifi-NG drivers for setting card into AP mode
     • Dnsspoof utility to send spoofed DNS replies
     • Delegated proxy server for performing SSL MITM

  4. Attack Premise
     • Hacker sets up a wireless Honeypot: “I am the ‘default’ AP”
     • Hacker is connected to the Internet
     • [Diagram labels: Hacker, HONEYPOT, DnsSpoof, Delegated, Victim, Internet, default]

  5. Attack Steps
     • DNS Request for mail.yahoo.com
     • DNS Reply: mail.yahoo.com at 192.168.1.1
     • https://mail.yahoo.com
     • Sends False Certificate
     • Accepts Certificate
     • Sends Authentication Data
     • Forwards Data to the real Yahoo Server
     • Forwards Reply from Yahoo back to Client
     • [Diagram labels: Hacker, HONEYPOT, DnsSpoof, Delegated, Victim, Internet, default, 192.168.1.1, 192.168.1.2]

  6. Delegated – A closer look
     • Delegated uses Yahoo’s certificate to communicate with Yahoo email servers
     • Delegated uses a self-generated certificate to communicate with the Client
     • [Diagram: Victim ↔ (SPOOFED CERT) ↔ Delegated ↔ (YAHOO CERT) ↔ Yahoo]

  7. Demo
     • We will recreate this entire setup and see the demo in the next video
     • The video will feature the hack from a Victim’s perspective
     • Basics of making the setup have been discussed in this video already
     • Left as an exercise for the user to recreate the setup
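
Slides 5 and 6 leave two traces on the victim's side: a public hostname answered with the access point's own private address, and a certificate that is not the site's real one. The following is an added example (not part of the original presentation) that checks observed connections for both; the record layout, the pin store, the local-suffix list and the byte strings standing in for certificates are assumptions constructed for illustration.

```python
import hashlib
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOCAL_SUFFIXES = (".lan", ".local", ".home.arpa")  # assumption: internal-only names

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(cert_der).hexdigest()

def audit(obs: dict, gateway: str, pins: dict) -> list:
    """Return the anomalies seen on one observed HTTPS connection."""
    findings = []
    host = obs["host"].lower().rstrip(".")
    addr = ipaddress.ip_address(obs["dns_answer"])
    public_name = not host.endswith(LOCAL_SUFFIXES)
    # Slide 5: the spoofed DNS reply maps a public name to a private address.
    if public_name and any(addr in net for net in RFC1918):
        findings.append("public name resolved to private address")
    # Assumption: the proxy runs on the access point, so the answer is the gateway.
    if public_name and addr == ipaddress.ip_address(gateway):
        findings.append("name resolved to the access point itself")
    # Slide 6: the client is shown a self-generated certificate, not the pinned one.
    pin = pins.get(host)
    if pin is not None and fingerprint(obs["cert_der"]) != pin:
        findings.append("certificate does not match pinned fingerprint")
    return findings

# Constructed sample data (not captured traffic, not real certificates).
GENUINE = b"constructed bytes standing in for the genuine certificate"
SPOOFED = b"constructed bytes standing in for the self-generated certificate"
PINS = {"mail.yahoo.com": fingerprint(GENUINE)}
GATEWAY = "192.168.1.1"
OBSERVED = [
    {"host": "mail.yahoo.com", "dns_answer": "192.168.1.1", "cert_der": SPOOFED},
    {"host": "mail.yahoo.com", "dns_answer": "203.0.113.10", "cert_der": GENUINE},
    {"host": "printer.lan", "dns_answer": "192.168.1.50", "cert_der": b"constructed"},
]

if __name__ == "__main__":
    for obs in OBSERVED:
        print(obs["host"], obs["dns_answer"], audit(obs, GATEWAY, PINS) or "ok")
```

The pin comparison is the check that still holds if the DNS answer looks normal, because only a certificate warning or a pin mismatch exposes the substitution described on slide 6.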
