Gianluca Posted July 24, 2014

Hi guys,

On my blog I wrote a post about a MitM attack using SSLStrip + arpspoof. It's in Italian, so I don't know if you can understand it: http://www.gianlucaghettini.net/intercettazione-traffico-https-e-recupero-dati-sensibili/

Other than the actual attack (which is very well known) I focused on the HSTS policy and how it is useful to prevent such attacks. Do you know of any successful attempt to break such a security policy? Poisoning the DNS cache of the target host could lead to a scenario in which the target browser goes to a fake domain, receives a forged HTTP header with a max-age value of zero:

Strict-Transport-Security: max-age=0; includeSubDomains

and then gets redirected to the real site. The HSTS RFC says that browsers SHOULD ignore the HSTS header when in HTTP mode, but maybe this very specific check was not implemented on all browsers.
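Added example, not code from the thread or from any browser: a minimal model of the RFC 6797 policy store that makes the check the post asks about concrete. A Strict-Transport-Security header arriving on a plain-HTTP response is discarded before it is parsed, so the injected max-age=0 in the scenario above never reaches the cached entry; only a TLS response from the host itself can clear it. The `HstsStore` and `parse_hsts` names and the `now` callback are assumptions for the example.

```python
# Added example, not code from the thread: a minimal model of the RFC 6797 HSTS
# policy store.  It shows the check the post asks about: an STS header received
# over plain HTTP is ignored, so "max-age=0" injected into an HTTP response
# cannot clear a cached policy; only a TLS response for the host can do that.
import re
import time

def parse_hsts(header):
    """Return (max_age, include_subdomains), or None if the value is invalid."""
    max_age, include_sub = None, False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":                  # required directive, non-negative int
            m = re.fullmatch(r'"?(\d+)"?', value.strip())
            if not m:
                return None
            max_age = int(m.group(1))
        elif name == "includesubdomains":
            include_sub = True                 # empty / unknown directives are ignored
    return None if max_age is None else (max_age, include_sub)

class HstsStore:
    """The browser's Known HSTS Hosts: host -> (expiry time, includeSubDomains)."""
    def __init__(self, now=time.time):
        self.hosts, self.now = {}, now         # 'now' is injectable for testing

    def process_response(self, host, over_tls, header):
        """Apply an STS header from a response; True if the store changed."""
        if not over_tls:                       # RFC 6797 8.1: ignore STS on plain HTTP
            return False
        parsed = parse_hsts(header)
        if parsed is None:
            return False
        max_age, include_sub = parsed
        if max_age == 0:                       # max-age=0 deletes the Known HSTS Host
            self.hosts.pop(host.lower(), None)
        else:
            self.hosts[host.lower()] = (self.now() + max_age, include_sub)
        return True

    def must_upgrade(self, host):
        """Should an http:// request for host be rewritten to https:// first?"""
        labels = host.lower().split(".")
        for i in range(len(labels)):           # exact match, then each parent domain
            entry = self.hosts.get(".".join(labels[i:]))
            if entry and entry[0] > self.now() and (i == 0 or entry[1]):
                return True
        return False
```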
cooper Posted July 24, 2014

From what I understand, typical cache poisoning doesn't work because not only is a domain looked up to find the IP address, a reverse DNS lookup is also performed on that IP, which must return the same domain name. Failing that, no SSL connection will be established. I don't believe the reverse lookups are cached, so you have a challenge there.