
Asfws2014 tproxy


  1. TProxy: Transparent interception of TCP traffic. Application Security Forum - 2014 Western Switzerland, 05-66 November 2014 - Y-Parc / Yverdon-les-Bains. http://www.appsec-forum.ch. Bertrand Mesot & Sylvain Heiniger, Objectif Sécurité SA
  2. A work in progress
  3. What we try to achieve
  4. Get in the middle: Bridging – Physical access to cables – Beware of 802.1x security. ARP spoofing
  5. Redirect traffic towards TProxy: iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port 9080 --tproxy-mark 0x1/0x1
  6. TProxy: intercepted connections
  7. TProxy internals
  8. TProxy: intercepted messages
  9. TProxy: message editors: Hexadecimal, Wireshark dissection
  10. RDP downgrade attack: 0x03 → 128-bit RC4, 0x01 → 40-bit RC4
  11. TProxy: SSL/TLS
  12. IMAP STARTTLS: AHRwcm94eUBzeWx2YWluaGVpbmlnZXIuY2gAI3A0c1N3MFJkIQ== ↓ tproxy@sylvainheiniger.ch#p4sSw0Rd!
  13. Tools, languages & toolkits: Tools, Languages, Toolkits
  14. Merci/Thank you! Contact: bertrand.mesot@objectif-securite.ch https://www.objectif-securite.ch Slides: http://slideshare.net/ASF-WS/presentations
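
The flag rewrite on slide 10 (0x03 → 0x01), seen from the detection side, as an added example that is not part of the original slides. It assumes the rewritten value is the encryptionMethods field of the RDP Client Security Data block, takes the block layout and flag names from MS-RDPBCGR, and runs on constructed sample bytes.

```python
import struct

# Layout and flag values follow MS-RDPBCGR (TS_UD_CS_SEC); they are assumptions
# of this example, not taken from the slides. Sample bytes are constructed.
CS_SECURITY = 0xC002
METHODS = {0x01: "40-bit RC4", 0x02: "128-bit RC4", 0x08: "56-bit RC4", 0x10: "FIPS"}
WEAK = 0x01 | 0x08  # 40-bit and 56-bit RC4


def parse_cs_security(block: bytes) -> int:
    """Return encryptionMethods from a 12-byte Client Security Data block."""
    if len(block) < 12:
        raise ValueError("truncated Client Security Data block")
    btype, length, methods, _ext = struct.unpack_from("<HHII", block)
    if btype != CS_SECURITY or length != 12:
        raise ValueError("not a Client Security Data block")
    return methods


def describe(methods: int) -> list:
    """Turn a flag word into readable method names, keeping unknown bits visible."""
    names = [name for bit, name in METHODS.items() if methods & bit]
    unknown = methods & ~sum(METHODS)
    if unknown:
        names.append(f"unknown 0x{unknown:x}")
    return names


def audit(client_capture: bytes, server_capture: bytes) -> list:
    """Compare the block as sent by the client with the block the server received."""
    sent = parse_cs_security(client_capture)
    seen = parse_cs_security(server_capture)
    findings = []
    if sent & ~seen:
        findings.append("stripped in transit: " + ", ".join(describe(sent & ~seen)))
    # seen == 0 means no Standard RDP Security method was offered at all; skip it.
    if seen and not seen & ~WEAK:
        findings.append("only weak methods reach the server: " + ", ".join(describe(seen)))
    return findings


SENT = struct.pack("<HHII", CS_SECURITY, 12, 0x03, 0)  # constructed: 40-bit + 128-bit
SEEN = struct.pack("<HHII", CS_SECURITY, 12, 0x01, 0)  # constructed: 128-bit flag cleared

if __name__ == "__main__":
    for finding in audit(SENT, SEEN):
        print(finding)
```

The comparison needs captures from both ends of the connection; with only a server-side capture, the second finding alone still flags a client that appears to offer nothing stronger than 40-bit or 56-bit RC4.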
