You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
B) SSL<br />
The SSL protocol functions with the sending <strong>of</strong> a public key certificate, which will be used to encrypt<br />
the communication in a secure canal, following the same methodology as SSH. The attack is therefore<br />
in theory quite similar. The pirate will emulate on a relay machine, through which the victim passes, an<br />
SSL server, who de-encrypts and re-encrypts the communication to forward it to the final server. The<br />
Ettercap utility, that we have already studied, knows how to implement this type <strong>of</strong> attack without any<br />
particular option.<br />
Another method is to force the user to pass through a proxy server that also implements an SSL<br />
server (SSL<strong>Pro</strong>xy : http://www.obdev.at/products/ssl-proxy/). For conventional HTTP requests we will<br />
use Achilles on Windows.<br />
This utility is a proxy HTTP server, which can log the communications it transits, and which can modify<br />
the contents <strong>of</strong> requests or <strong>of</strong> answers destined to the client or the web server. Simply specify a port<br />
that will be listened to and activate the options: Intercept mode ON, Intercept Client Data, Intercept<br />
Server Data and ignore .jpg/.gif.<br />
In the main window, you can modify the contents <strong>of</strong> the requests or <strong>of</strong> the web pages sent. Be careful<br />
when you forward the communication between the two parties in this mode, as you will have to<br />
validate each request or page with the Send button.<br />
<strong>Security</strong><br />
SSL certificates are known sites that are generally referenced in databases automatically<br />
consulted by web navigators, in order to check that the certificate sent back is an authentic one.<br />
When it is a fake one, a warning is sent back.<br />
The <strong>Hack</strong>ademy DMP -97/209- SYSDREAM