Topics
General News Antivirus Reviews Network Defense Spyware Anti-Spam Phishing Scams Virus Alerts

Security Forums
Desktop Security Malware Removal Help Spam Blocking Patches and Hotfixes Antivirus Support Network Security Firewalls and Routers Intrusion Detection Web Proxies

Quick Resources
About Antisource Malware Threats Triangle Free Virus Scan Virus Map

Hacker's man-in-middle SSL attack

Thursday, February 19, 2009
Author: Richard S. Westmoreland
Permalink: sslstrip-secure-sites-attack

Network Defense

At the last Black Hat security conference, Marlinspike, a hacker, announced he would release SSLstrip, which allows hackers to gain access to SSL-encrypted data.

Here is how SSLstrip works:

- Performs Man-in-the-Middle on the (plaintext) HTTP connection
- Replaces all the HTTPS links with HTTPS look-alikes
- Communicates with the end-user's web browser with look-alike HTTPS for any secure link
- Communicates with the web server over HTTPS for the same secure link
- SSLstrip acts as a proxy between the end-user and the web server
- SSLstrip captures POST
- Page is forwarded back to real HTTPS page

The attack had been tested on one of Marlinspike's public servers. He was able to record 117 email accounts, 16 credit card numbers, 7 paypal logins, and about 300 other site credentials.

For the original article, read:

http://www.forbes.com/2009/02/18/black-hat-hackers-technology-security_0218_blackhat.html

Here is Black Hat's interview with Marlinspike:

http://www.youtube.com/watch?v=Rvp0oPluuLE

For more information about how HTTPS/SSL itself works, visit:

http://technet.microsoft.com/e.../library/cc785811.aspx

https://www.securetrust.com/resources/how-ssl-works