
tag archive 'SSL'

This is the document with the proof of concept which explains the attack on the SSL/TLS reconnect vulnerability. It allows data to be injected into the encrypted data stream, often without detection by either end of the connection. I normally don’t publish exploit code because of its short time value. But this one is rather special. [...]


At BlackHat DC 2009, Moxie Marlinspike demonstrated how to subvert HTTPS with SSLStrip. SSLStrip intercepts HTTP traffic, watches for HTTPS links inside the data stream and maps these HTTPS links to HTTP. Whenever a victim clicks on such a mapped HTTPS link, SSLStrip will notice it and act as an HTTP2HTTPS proxy server. All the [...]
