SSL Man-in-the-Middle Attack over Wireless - PowerPoint PPT Presentation

Presentation Transcript

  1. SSL Man-in-the-Middle Attack over Wireless
     Vivek Ramachandran, http://www.SecurityTube.Net

  2. What is Man-in-the-Middle?
     • It is an attack in which a hacker places himself between his potential victim and the host that the victim communicates with
     • He is able to see / manipulate all traffic sent between the two
     • Because of the nature of the attack, it has to happen at Layer 2

  3. Tools of the Trade
     • Atheros chipset based wireless card (preferred)
     • Madwifi-NG drivers for setting the card into AP mode
     • Dnsspoof utility to send spoofed DNS replies
     • Delegated proxy server for performing SSL MITM

  4. Attack Premise
     [Diagram. Labels: Hacker ("I am the 'default' AP"); Hacker is connected to the Internet; DnsSpoof; Delegated; HONEYPOT ("default"); Victim; Internet. Caption: Hacker sets up a wireless Honeypot.]

  5. Attack Steps
     [Diagram. Participants: Victim, Hacker's HONEYPOT "default" (DnsSpoof, Delegated), Internet. Address labels: 192.168.1.1 and 192.168.1.2. Message labels:]
     • DNS Request for mail.yahoo.com
     • DNS Reply: mail.yahoo.com at 192.168.1.1
     • https://mail.yahoo.com
     • Sends False Certificate
     • Accepts Certificate
     • Sends Authentication Data
     • Forwards Data to the real Yahoo Server
     • Forwards Reply from Yahoo back to Client

  6. Delegated – A closer look
     [Diagram. Labels: Victim, SPOOFED CERT, Delegated, YAHOO CERT, Yahoo.]
     • Delegated uses Yahoo’s certificate to communicate with Yahoo email servers
     • Delegated uses a self-generated certificate to communicate with the Client

  7. Demo
     • We will recreate this entire setup and see the demo in the next video
     • The video will feature the hack from a Victim’s perspective
     • Basics of making the setup have been discussed in this video already
     • Left as an exercise for the user to recreate the setup
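
Slides 5 and 6 show two things a client can observe: a DNS reply that places a public name (mail.yahoo.com) at a private address (192.168.1.1), and a certificate that is not the server's own. The following is an added example, not part of the original presentation, that checks one observed connection for both indicators; the pin store, the function names and the sample certificate bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed stand-ins for DER certificate bytes; in real use these come
# from ssl.SSLSocket.getpeercert(binary_form=True).
GENUINE_DER = b"constructed-der-of-genuine-server-cert"
PROXY_DER = b"constructed-der-of-proxy-self-generated-cert"

def fingerprint(der_bytes):
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_bytes).hexdigest()

# Hypothetical pin store, filled on a trusted network beforehand.
PINS = {"mail.yahoo.com": fingerprint(GENUINE_DER)}

def dns_answer_is_local(hostname, answer_ip):
    """Public-looking name answered with a private, loopback or link-local address."""
    addr = ipaddress.ip_address(answer_ip)
    # Assumption: single-label and .local/.lan names are legitimately internal.
    internal_name = "." not in hostname or hostname.endswith((".local", ".lan"))
    return not internal_name and (addr.is_private or addr.is_loopback or addr.is_link_local)

def pin_mismatch(hostname, der_bytes, pins):
    """A pin exists for the host and the presented certificate does not match it."""
    expected = pins.get(hostname)
    return expected is not None and not hmac.compare_digest(expected, fingerprint(der_bytes))

def assess(hostname, answer_ip, der_bytes, pins=PINS):
    """Return the list of findings for one observed connection."""
    findings = []
    if dns_answer_is_local(hostname, answer_ip):
        findings.append("dns-private-answer")
    if pin_mismatch(hostname, der_bytes, pins):
        findings.append("cert-pin-mismatch")
    return findings

if __name__ == "__main__":
    # Constructed observations: the slide 5 scenario, then a clean connection.
    print(assess("mail.yahoo.com", "192.168.1.1", PROXY_DER))
    print(assess("mail.yahoo.com", "8.8.8.8", GENUINE_DER))
```

Either finding alone is worth alerting on: the DNS check catches the spoofed reply before any TLS handshake, and the pin check still fires if the user clicks through the certificate warning.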