The WLAN Security Megaprimer from SecurityTube.net


WLAN Security Megaprimer Part 13 : SSL Man-In-The-Middle Attacks

In this video, we will learn how to conduct an SSL Man-in-the-Middle attacker over wireless. You are urged to watch the following videos as well created by me on this topic; these talk about the basics of the attack in more detail:

http://www.securitytube.net/video/100 http://www.securitytube.net/video/101

We will use the setup we created in the previous video and run a couple of new tools, namely - Dnsspoof and Burpsuite Proxy. The basic idea is to hijack the application running on the victim by first using Dnsspoof to inject spoofed DNS responses for the DNS requests made by the victim. Once the victim DNS cache is poisoned, all further requests will be sent to the attacker's IP address. Now in the SSL MITM case, we will run Burpsuite to attach a proxy to port 80 and 443. Now when the application on the victim sends any request it goes through the attacker's proxy. At this point, the attacker can passively monitor or modify any data sent to/from the victim almost transparently. The only indication the victim gets a alert on the browser window warning him of certificate problems. Now if he victim accepts the risk (which 95% users do) and clicks through the warning, the rest is history :)

Video Player should be visible here. If not, install / upgrade flash

Have any Questions? or would like to add a point?

Visit the video page on SecurityTube to post your questions and comments : http://www.securitytube.net/video/1783