
using MITM and packet editing to defeat SSL/TLS : is this a valid method ?

    User 10929916
    wrote on last edited by
    #1

    I'm studying security -on my own- and need to clear out a few things! If I've learned this correctly, HTTPS connections do these things:

    1) public key from server to client
    2) client encrypts a key he generates using the public key
    3) sends encrypted key to server
    4) server decrypts the message with his private key
    5) voilà! the two sides are ready to exchange information using symmetric ciphers

    So asymmetric encryption is only used for sending a symmetric key over the network.

    Suppose I have a certificate and I can decrypt messages encrypted with its public key. I perform a MITM attack (say ARP spoof), intercept and change the certificate the server sends with the one whose private key I know. Browsers pop a little warning most users ignore ("WTF is a trusted certificate anyway ??"); most of the time the user proceeds. The key is encrypted using my public key and sent to the server. I intercept the key, decrypt it, and encrypt it again with the public key the server sent, then let it go to the server. The server decrypts the key and I can see every info the two sides exchange.

    Well... is it that simple? I don't have time to test it these days so I'm asking you. I believe/hope I am mistaken and a "do you want to proceed" message is not the only guard.

      Dan Neely
      wrote on last edited by
      #2

      Member 10964099 wrote:

      browsers pop a little warning most users ignore ("WTF is a trusted certificate anyway ??")

      You can't fix stupid; but browser vendors are making it a lot more than "bad cert, continue anyway? Yes. No." FF's current procedure always involves swearing when I need to remember how to make it work because some internal dev server only has a self-signed cert.

      Did you ever see history portrayed as an old man with a wise brow and pulseless heart, waging all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies. -- Sarah Hoyt
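
The check that sits behind the browser warning discussed in this thread, as an added example that is not part of either post: before the client encrypts its session key (step 2 of the first post), it verifies that the presented certificate is signed by an issuer in its trust store and names the host it asked for. This is a toy model using textbook RSA over known Mersenne primes, not real X.509 or TLS; the host name, CA name and all keys are constructed for illustration.

```python
import hashlib

# Toy textbook RSA over known Mersenne primes, no padding: illustration only.
def make_key(p, q, e=65537):
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def public(key):
    return {"n": key["n"], "e": key["e"]}

def tbs_digest(name, pub, modulus):
    # Hash of the fields the issuer vouches for: host name and public key.
    data = f"{name}|{pub['n']}|{pub['e']}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % modulus

def issue_cert(name, subject_key, issuer_name, issuer_key):
    pub = public(subject_key)
    sig = pow(tbs_digest(name, pub, issuer_key["n"]), issuer_key["d"], issuer_key["n"])
    return {"name": name, "pub": pub, "issuer": issuer_name, "sig": sig}

def validate(cert, expected_host, trust_store):
    """Checks the client runs on the certificate before step 2 of the post."""
    ca = trust_store.get(cert["issuer"])
    if ca is None:
        return False, "issuer not in trust store"
    if pow(cert["sig"], ca["e"], ca["n"]) != tbs_digest(cert["name"], cert["pub"], ca["n"]):
        return False, "bad issuer signature"
    if cert["name"] != expected_host:
        return False, "hostname mismatch"
    return True, "ok"

def client_key_exchange(cert, expected_host, trust_store, session_key):
    # Steps 2-3: encrypt the session key only to a key that passed validation.
    ok, reason = validate(cert, expected_host, trust_store)
    if not ok:
        raise ValueError(f"handshake aborted: {reason}")
    return pow(session_key, cert["pub"]["e"], cert["pub"]["n"])

# Constructed sample parties (hypothetical names).
CA = make_key(2**89 - 1, 2**107 - 1)
SERVER = make_key(2**61 - 1, 2**127 - 1)
OTHER = make_key(2**31 - 1, 2**521 - 1)   # key pair held by the interceptor
TRUST = {"Example CA": public(CA)}
GENUINE = issue_cert("shop.example", SERVER, "Example CA", CA)
SELF_SIGNED = issue_cert("shop.example", OTHER, "shop.example", OTHER)
FORGED_ISSUER = issue_cert("shop.example", OTHER, "Example CA", OTHER)

if __name__ == "__main__":
    for label, cert in [("genuine", GENUINE), ("self-signed", SELF_SIGNED), ("forged issuer", FORGED_ISSUER)]:
        print(label, validate(cert, "shop.example", TRUST))
```

Only the certificate issued by the trusted CA passes; the substituted certificates fail validation, which is the condition that produces the browser warning in the first place.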
