lab5 - CS6823 NEWORK SECURITY LAB 5 SSL MITM Attack 1.0...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
SSL MITM Attack 1.0 Objective The Secure Sockets Layer, SSL is one of the world’s most important forms of commercial encryption. It is the public key system generally employed by e-commerce websites like Amazon, in order to prevent payment details from being intercepted by third parties. The tool – called ‘SSL strip’ – is based around a man-in-the-middle attack, where the system for redirecting people from the insecure to the secure version of a web page is abused. By acting as a man-in-the-middle, the attacker can compromise any information sent between the user and the supposedly secure webpage. This kind of vulnerability has always existed with SSL because it is difFcult to be certain about where the endpoints of communication lie. Rather than having a secure end-to-end connection between Amazon and you, there might be a secure connection between you and an attacker (who can read everything you do in the clear), and then a second secure connection between the attacker and Amazon. DO NOT TARGET ANYTHING OUTSIDE OF VLAB. THIS EXERCISE MUST BE PERFORMED WITHIN THE CONFINES OF VLAB LAB. 1.1 SSLStrip Background Information Before beginning this lab watch the following presentation from Moxie Marlinspike the author of SSLStrip.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 11/02/2010 for the course CS 393 taught by Professor Staff during the Spring '08 term at NYU Poly.

Page1 / 4

lab5 - CS6823 NEWORK SECURITY LAB 5 SSL MITM Attack 1.0...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online