09.08.2015 Views

More Tricks For Defeating SSL In Practice

More Tricks For Defeating SSL In Practice

More Tricks For Defeating SSL In Practice

SHOW MORE
SHOW LESS
  • No tags were found...

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

sslsniffsslsniff●<strong>In</strong>tercept a connection fromthe client side.●Generate a certificate for thesite it is connecting to.●Sign it with any random validleaf node certificate.●Pass that certificate chain tothe client.●Make a normal <strong>SSL</strong>connection to the server.●Pass data between client andserver, decrypting andencrypting on each end.Moxie Marlinspike<strong>In</strong>stitute <strong>For</strong> Disruptive Studies

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!