Downloaded 220 times
More Related Content
![Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]](https://cdn.slidesharecdn.com/ss_thumbnails/codedagentsdeck-251215155422-5497c599-thumbnail.jpg?width=640&height=640&fit=bounds)
SSL MITM Attack Over Wireless
- 1. SSL Man-in-the-Middle Attackover Wireless Vivek Ramachandran http://www.SecurityTube.Net
- 2. What is Man-in-the-Middle?It is an attack in which a Hacker places himself in between his potential victim and the host that victim communicates with He is able to see / manipulate all traffic sent between the two Because of the nature of the attack it has to happen at Layer 2
- 3. Tools of theTrade Atheros chipset based wireless card (preferred) Madwifi-NG drivers for setting card into AP mode Dnsspoof Utility to send spoofed DNS replies Delegated proxy server for performing SSL MITM
- 4. Attack Premise VictimHacker Internet default I am the “default” AP DnsSpoof Delegated Hacker is connected to the Internet Hacker sets up a wireless Honeypot HONEYPOT
- 5. Attack Steps VictimHacker Internet default DnsSpoof Delegated HONEYPOT DNS Request for mail.yahoo.com 192.168.1.1 192.168.1.2 DNS Reply mail.yahoo.com at 192.168.1.1 https://mail.yahoo.com Sends False Certificate Accepts Certificate Sends Authentication Data Forwards Data to the real Yahoo Server Forwards Reply from Yahoo back to Client
- 6. Delegated – Acloser look Delegated Yahoo Victim SPOOFED CERT YAHOO CERT Delegated Uses a self generated certificate to communicate with Client Delegated Uses Yahoo’s certificate to communicate with Yahoo email servers
- 7. Demo We willrecreate this entire setup and see the demo in the next video The video will feature the hack from a Victim’s perspective Basics of making the setup have been discussed in this video already Left as an exercise for the user to recreate the setup