How to Counter Man-in-the-Middle SSLstrip Attack

How to Counter Man-in-the-Middle SSLstrip Attack - Using...

Info iconThis preview shows pages 1–10. Sign up to view the full content.

View Full Document Right Arrow Icon
Click to edit Master subtitle style 10/28/09 Using Secure Search Engine to Counter Web based Man- Capstone Project Description
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
10/28/09 Outline What is web based Man In The Middle Attack? What is web based phishing? How to prevent it? SSE architecture SSL verifier Phishing filter Browser extension
Background image of page 2
10/28/09 MITM In cryptography, the man-in- the-middle attack or bucket- brigade attack (often abbreviated MITM ), sometimes Janus attack , is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
10/28/09 MITM in Web based Cli ent I am the web server client
Background image of page 4
10/28/09 What if we enable SSL? Bad news: most of existing SSL applications only use server-side certificate. How about user-side certificate: users usually do not use (know) client side certificate.
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
10/28/09 Some typical web portals.
Background image of page 6
10/28/09 The way to encounter https 1. http 302 2. Click a link 3. Manually input the https in the address bar
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
10/28/09 sslstrip demo Network Configuration Normal traffic
Background image of page 8
10/28/09 sslstrip demo Network Configuration redirected traffic ht tp htt ps
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 10
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 10/28/2009 for the course CSE 598 taught by Professor Huang during the Fall '09 term at University of Arizona- Tucson.

Page1 / 23

How to Counter Man-in-the-Middle SSLstrip Attack - Using...

This preview shows document pages 1 - 10. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online