SSL MITM Attack Over Wireless
Published in: Technology, News & Politics
Transcript

  • 1. SSL Man-in-the-Middle Attack over Wireless
    • Vivek Ramachandran
    • http://www.SecurityTube.Net
  • 2. What is Man-in-the-Middle?
    • It is an attack in which a Hacker places himself in between his potential victim and the host that victim communicates with
    • He is able to see / manipulate all traffic sent between the two
    • Because of the nature of the attack it has to happen at Layer 2
  • 3. Tools of the Trade
    • Atheros chipset based wireless card (preferred)
    • Madwifi-NG drivers for setting card into AP mode
    • Dnsspoof Utility to send spoofed DNS replies
    • Delegated proxy server for performing SSL MITM
  • 4. Attack Premise
    • Diagram labels: Victim, Hacker, Internet, HONEYPOT, default, DnsSpoof, Delegated
    • Hacker is connected to the Internet
    • Hacker sets up a wireless Honeypot
    • Honeypot: I am the “default” AP
  • 5. Attack Steps
    • Diagram labels: Victim, Hacker, Internet, HONEYPOT, default, DnsSpoof, Delegated, 192.168.1.1, 192.168.1.2
    • DNS Request for mail.yahoo.com
    • DNS Reply mail.yahoo.com at 192.168.1.1
    • https://mail.yahoo.com
    • Sends False Certificate
    • Accepts Certificate
    • Sends Authentication Data
    • Forwards Data to the real Yahoo Server
    • Forwards Reply from Yahoo back to Client
  • 6. Delegated – A closer look
    • Diagram labels: Victim, SPOOFED CERT, Delegated, YAHOO CERT, Yahoo
    • Delegated uses a self-generated certificate to communicate with Client
    • Delegated uses Yahoo’s certificate to communicate with Yahoo email servers
  • 7. Demo
    • We will recreate this entire setup and see the demo in the next video
    • The video will feature the hack from a Victim’s perspective
    • Basics of making the setup have been discussed in this video already
    • Left as an exercise for the user to recreate the setup
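
A defender-side check for the spoofed DNS reply on slide 5, added here as an example and not part of the original slides: it parses a raw DNS response and flags A records that map a name to a non-global address such as 192.168.1.1. The function names and both sample replies are constructed for illustration.

```python
import ipaddress
import struct

def read_name(msg, off):
    """Decode a DNS name at off, following compression pointers."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:                # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if n == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + n].decode("ascii"))
        off += n

def suspicious_answers(msg):
    """Return (name, ip) for each A record pointing at a non-global address."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qd):                       # skip the question section
        _, off = read_name(msg, off)
        off += 4                              # QTYPE + QCLASS
    hits = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:         # A record
            ip = ipaddress.ip_address(msg[off:off + 4])
            if not ip.is_global:
                hits.append((name, str(ip)))
        off += rdlen
    return hits

def build_reply(ip):
    """Constructed sample reply: one question, one A answer for mail.yahoo.com."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = b"\x04mail\x05yahoo\x03com\x00" + struct.pack("!HH", 1, 1)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
    return header + question + rr + ipaddress.ip_address(ip).packed

SPOOFED = build_reply("192.168.1.1")  # address from the slide 5 DNS reply
NORMAL = build_reply("8.8.8.8")       # constructed: arbitrary public address, not Yahoo's
```

The check is only meaningful for names that are expected to be public; internal hostnames legitimately resolve to private addresses and would need an allowlist.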
