Game

Video Games! Independent, homebrew, hacked or open source. We love offbeat games.

Geek

It takes one to know one, and we huge geeks. If it doesn’t fit in another category look here.

Hack

From man-in-the-middle attacks to GPU accelerated password cracking. We love hacks.

IT

Information Technology. Network Administrators. Code Monkeys. The “Company Computer Guy”

Mod

Warranties be damned! Flashing, unlocking, unbrick, modifying and otherwise “making it better”

-
Home » Hack

Strip SSL security with a man-in-the-middle attack

Submitted by Darren on December 14, 2009 – 3:09 am4 Comments

Darren demonstrates a little man-in-the-middle attack using SSLStrip, an epic tool for removing that pesky encryption from your victims browsing session. Go from secure site to clear-text passwords in one simple step.

Moxie Marlinspike’s SSLStrip, released at Blackhat/DEFCON this year, is a tool that transparently hijacks HTTP traffic and redirects HTTPS links to look-alike HTTP links. While this description barely scratches the surface, Darren’s segment takes a closer look including a pracitcal demonstration of a man-in-the-middle attack using arpspoof and a little luck with remote-exploit’s BackTrack 4 penetration testing distribution.

VN:F [1.7.8_1020]
Rating: 9.6/10 (9 votes cast)
Strip SSL security with a man-in-the-middle attack9.6109

4 Comments »

Leave a comment!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

This is a Gravatar-enabled weblog. To get your own globally-recognized-avatar, please register at Gravatar.