More Tricks For Defeating SSL In Practice

More documents

Recommendations

Info

$\H1B%-12345X@PJL JOB “HackingPrinters”$

sslsniffsslsniff●Intercept a connection fromthe client side.●Generate a certificate for thesite it is connecting to.●Sign it with any random validleaf node certificate.●Pass that certificate chain tothe client.●Make a normal SSLconnection to the server.●Pass data between client andserver, decrypting andencrypting on each end.Moxie MarlinspikeInstitute For Disruptive Studies
Page 1: More Tricks For Defeating SSL InPra
Page 7 and 8: Certificate ChainingVeriSignInterme
Page 9 and 10: What they say:●●●●Verify th
Page 11 and 12: VeriSignWhat if...IntermediateCAInt
Page 13 and 14: What they say:●●●●Verify th
Page 15 and 16: But we just created a valid certifi
Page 17 and 18: ...is a somewhat obscure field.Moxi
Page 19 and 20: And then in 2002...●●●Microso
Page 21: sslsniffMoxie MarlinspikeInstitute
Page 25 and 26: iefMoxie MarlinspikeInstitute For D
Page 27 and 28: SSL can be useful, but how it's dep
Page 29 and 30: In the context of web browsing●It
Page 31 and 32: Moxie MarlinspikeInstitute For Disr
Page 33 and 34: sslsniffMoxie MarlinspikeInstitute
Page 35 and 36: sslstrip●Watch HTTP traffic go by
Page 37 and 38: How Does It Look?
Page 39 and 40: How Does It Look?
Page 41: the evolution of positive/negativef
Page 44 and 45: Some sites provide no visible diffe
Page 46 and 47: Secure Or Stripped?
Page 48 and 49: Where can we go from here?Moxie Mar
Page 50 and 51: What's with certificates, anyways?X
Page 56 and 57: The Big Three● Secrecy● Authent
Page 58 and 59: SSL Handshake BeginningsX509Certifi
Page 60 and 61: Let's start by looking back once mo
Page 62 and 63: Notaries!Moxie MarlinspikeInstitute
Page 64 and 65: Phone Calls!Moxie MarlinspikeInstit
Page 66 and 67: That is a bygone eraMoxie Marlinspi
Page 68 and 69: Moxie MarlinspikeInstitute For Disr
Page 70 and 71: PKCS #10CertificateRequestVersionSu
Page 72 and 73:
PKCS #10CertificateRequestVersionSu
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
SubjectsDistinguishedNameCountrySta
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
CN Encoding●Essentially, the CN f
Page 88 and 89:
PKCS #10 SubjectCommon Namewww.thou
Page 90 and 91:
PKCS #10 SubjectCommon Nameiiiiiiii
Page 92 and 93:
PKCS #10 Certificate SigningRequest
Page 94 and 95:
Our Original ScenarioAttackerClient
Page 96 and 97:
Our Original Scenariochar *destinat
Page 98 and 99:
In memory, though...char *destinati
Page 100 and 101:
What are “most” SSL implementat
Page 102 and 103:
How does it look?Moxie MarlinspikeI
Page 104 and 105:
How does it look?Moxie MarlinspikeI
Page 106 and 107:
DisadvantagesMoxie MarlinspikeInsti
Page 108 and 109:
Maybe there's another trick in here
Page 110 and 111:
Moxie MarlinspikeInstitute For Disr
Page 112 and 113:
Moxie MarlinspikeInstitute For Disr
Page 114 and 115:
Universal Wildcard*\0.thoughtcrime.
Page 116 and 117:
Other Weird Stuff●(www.paypal.com
Page 118 and 119:
And... your remote exploit.● 144
Page 120 and 121:
And... your remote exploit.● 144
Page 122 and 123:
And... your remote exploit.(AAAAAAA
Page 124 and 125:
And... your remote exploit.(AAAAAAA
Page 126 and 127:
A Second Cut: updated sslsniffsslsn
Page 128 and 129:
What do we have to worry about?1) C
Page 130 and 131:
What do we have to worry about?1) C
Page 132 and 133:
Defeating OCSPOCSPResponse ::= SEQU
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
PROPOSED STANDARDNetwork Working Gr
Page 144 and 145:
What do we have to worry about?2) U
Page 146 and 147:
Firefox/Thunderbird: A Case Study
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Postscript:Stripping NULL is no sol
Page 154 and 155:
Postscript:Stripping NULL is no sol
Page 156:
sslsniff and sslstrip:http://www.th
show all

More Tricks For Defeating SSL In Practice

Create successful ePaper yourself

Delete template?

Save as template?