SSLSniff
- 1 minSummary
Worked on a short research with SSL Sniff, a tool that exploits SSL, to see if it is still usable and whether if it could be used in a Network Security Class to provide better understanding of how vulnerable SSL could be and demonstrate Man-in-the-Middle Attack.
SSL Sniff
SSL Sniff is a tool developed by Moxie Marlinspike to demonstrate how vulnerable SSL System was around 10 years ago. It shows a great example of how a seemingly through security could be easily broken, mainly through unexpected components of the system. The video below is a great presentation given by Moxie Marlinespike on how it all works.
Research
Using the tool provided, we were able to demonstrate part of the process, successfully retrieving the username and the password of a user that was connected to the same network (This was on a private network)
This also worked as we were able to generate a certificate of the website the user was logging into on the fly, although as you can see, the “issued by” field is pretty obvious.
Documentation
The Documentation shows the step by step process of what we were able to get running