SSL MITM Attack Over Wireless

13,156 views

Published on

Published in: Technology, News & Politics

SSL MITM Attack Over Wireless

  1. 1. SSL Man-in-the-Middle Attack over Wireless Vivek Ramachandran http://www.SecurityTube.Net
  2. 2. What is Man-in-the-Middle? <ul><li>It is an attack in which a Hacker places himself in between his potential victim and the host that victim communicates with </li></ul><ul><li>He is able to see / manipulate all traffic sent between the two </li></ul><ul><li>Because of the nature of the attack it has to happen at Layer 2 </li></ul>
  3. 3. Tools of the Trade <ul><li>Atheros chipset based wireless card (preferred) </li></ul><ul><li>Madwifi-NG drivers for setting card into AP mode </li></ul><ul><li>Dnsspoof Utility to send spoofed DNS replies </li></ul><ul><li>Delegated proxy server for performing SSL MITM </li></ul>
  4. 4. Attack Premise Victim Hacker Internet default I am the “default” AP DnsSpoof Delegated Hacker is connected to the Internet Hacker sets up a wireless Honeypot HONEYPOT
  5. 5. Attack Steps Victim Hacker Internet default DnsSpoof Delegated HONEYPOT DNS Request for mail.yahoo.com 192.168.1.1 192.168.1.2 DNS Reply mail.yahoo.com at 192.168.1.1 https://mail.yahoo.com Sends False Certificate Accepts Certificate Sends Authentication Data Forwards Data to the real Yahoo Server Forwards Reply from Yahoo back to Client
  6. 6. Delegated – A closer look Delegated Yahoo Victim SPOOFED CERT YAHOO CERT Delegated Uses a self generated certificate to communicate with Client Delegated Uses Yahoo’s certificate to communicate with Yahoo email servers
  7. 7. Demo <ul><li>We will recreate this entire setup and see the demo in the next video </li></ul><ul><li>The video will feature the hack from a Victim’s perspective </li></ul><ul><li>Basics of making the setup have been discussed in this video already </li></ul><ul><li>Left as an exercise for the user to recreate the setup </li></ul>

×