Undectable MITM/SSL in Wlan Network?
Hallo,
lets say there are several clients in a wlan and someone is using Thunderbird or Firefox with SSL (lets say gmail/pop3..) to receive emails. If someone (in the same wlan) will set up a MITM attack is it possible the client doesn't get notified about the attack? Or in other words is a perfect MITM attack possible in the intranet before entering the internet? I'm not sure but isn't ssl auth done between AP and destination (gmail) only and everything before or after is vulnerable? I think i read in the forum that ssl itself does always know about the security breach. Its only the programs that do not give proper error messages. Is that true?
I sniffed with wireshark and handshaking was done with gmail servers directly but you never know someone (in the wlan) will set something up later. I don't want to run wireshark all the time. Its a shared wlan by design but you never know what ppl are doing late at night so i'm wondering if everything really remains private if no error comes up when i get my emails.
The user should be presented with an invalid certificate pop-up and be asked if they want to accept it or not, or should get a firefox "certificate error page" (can't remember the exact name, it's what happens with invalid certs when using newer firefox versions).
Ok, so SSL itself is safe against MITM attacks. Thanks!
Well given the right amount of CPU power you could be able to create a SSL certificate by using a MD5 hash collision causing it to look like the originial certificate of a site but it will be working for your computer information (IP, name etc).
Fortunately people won't have the necessary hardware for quite some time. Or would you purchase around 200 PS3's?
Tiocfaidh ár lá
There was a way on firefox, that if you new what site they were going to, and it was https, you could send there cert, but they would have had to have gone to the site before(cache).Firefox with SSL
Try milworm, if you cant find it I will post it, it just a coulpe of line of html code.
Moxie Marlinspike has developed a tool called sslstrip that can trick browsers into thinking they are on an SSL/HTTPS secured site when in fact they are not. The implication is that all the traffic from the regular HTTP site could then be easily collected by an attacker since the information is not secured. Search the forum for "ettercap & sslstrip"
In a world where data is the coin of the realm, and transmissions are guarded by no better sentinels
than man-made codes and corruptible devices, there is no such thing as a secret
I don't think so.....Originally Posted by Maniaxx
But if you (or the software) checks for valid certificates it should be safe. If i get it right none of these methods can fool that.
"""Ok, so SSL itself is safe against MITM attacks. Thanks!""
All fixed set patterns are incapable of adaptability or pliability. The truth is outside of all fixed patterns.
Bruce Lee
sslstrip
/Thread
Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.
Posting Permissions
