Netshroud Posted November 17, 2009 Share Posted November 17, 2009 If the target/victim computer can, for example, connect to an HTTPS site just by pointing their browser there, what is stopping it being cracked? If the target/victim can decode the reply from the server, why can't a man-in-the-middle? If you have every packet sent and every packet recieved, you have everything the target/victim used to display the final web page, downloaded file, banking information, etc. Quote Link to comment Share on other sites More sharing options...
Sparda Posted November 17, 2009 Share Posted November 17, 2009 The only thing stopping a MITM attack from working with a browser is the verification the browser does in order to determine if the certificate is from a trusted source. The result of this if the certificate cannot be validated is a popup saying "this certificate is not valid/is from untrusted source". In firefox 3.5 it's very awkward to get past this message as you have to expand the "yes I know what I'm doing" drop down then explicitly add an exception. Not sure what IE does, used to be a simple "Are you sure? Yes/no" (as did firefox at some point a while ago) box. You can find out what happens in your current browser by going here: https://getdropbox.com/ Quote Link to comment Share on other sites More sharing options...
digininja Posted November 17, 2009 Share Posted November 17, 2009 Google PKI and factorising large primes. Quite interesting but hard to get your head fully round it all if you don't have a good understanding of maths. Quote Link to comment Share on other sites More sharing options...
digip Posted November 17, 2009 Share Posted November 17, 2009 Didn't darren just do a segment on using MITM for SSL? Quote Link to comment Share on other sites More sharing options...
Netshroud Posted November 17, 2009 Author Share Posted November 17, 2009 Yes, but it strips the SSL out, it doesn't decrypt the SSL traffic for you to see whats flying. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.