Re: SSL MITM not on port 443



Hi,
You can also try to redirect/tunnel the connection: use some tool to listen on the required port and forward the traffic to ettercap on port 443. You can accomplish this in many ways. I hope this will fix your problem :)

Regards,
Ahmad Taha Zaki

christopher.riley@xxxxxxx wrote:
Unfortunately I've already tried to use Paros as a MITM proxy for the connection. The application does complain about the certificate, as you'd expect. However, I need to replace the normal Paros certificate with one that is faked especially for the application (such as the ones created by Ettercap or Cain); Paros or Burp Suite refuse to use these certificates for some reason. Webmitm accepts the certificate but doesn't seem to function for the connection, and Ettercap seems to ignore the connection as it's not on port 443. I need to make sure that the certificate authentication can't be fooled by a certificate with almost the same information as the original. I guess a source code review is the only way to make sure.

Thanks for the feedback.


rgill@xxxxxxxxxxxxxxxxx@inet 27.08.2008 19:24

To: christopher.riley@xxxxxxx, pen-test@xxxxxxxxxxxxxxxxx
Cc:
Subject: RE: SSL MITM not on port 443

Try pointing the application to a MITM proxy like Paros
(http://www.parosproxy.org/index.shtml) or WebScarab
(http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project). Such
a proxy sits in the middle of the client application and the server and
presents its own certificate to both sides so it can MITM the connection
between the client and the server. You should be able to see all
communication in clear text in the proxy. A security-savvy client
application will throw a warning to indicate that it is being presented
with an SSL cert it doesn't trust or recognize.

If the application accepts the MITM SSL cert presented by the proxy
without any warnings etc., it is vulnerable.


-Robbie
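
As an added example, not taken from any of the posters or from the tools they mention, here is what the "security-savvy client" Robbie describes looks like in code: a Python TLS client whose context validates the certificate chain and hostname (so a proxy's own certificate is refused), an optional pin on the expected server certificate's SHA-256 fingerprint, and an audit helper that lists the settings which would let a forged certificate through. The host, port and fingerprint values are placeholders, and the DER bytes used in the usage note are constructed, not a real certificate.

```python
import hashlib
import hmac
import socket
import ssl


def make_client_context(cafile=None):
    """Settings a certificate-checking client should use: the chain must
    validate against trusted CAs, the name in the certificate must match
    the host we asked for, and legacy protocol versions are refused."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weak_context():
    """The failure mode under discussion: a client that disables validation
    and therefore accepts whatever certificate a proxy presents."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be turned off before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Return the settings that would let a forged certificate be accepted
    (an empty list means the context validates as it should)."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("verify_mode is CERT_NONE: any certificate is accepted")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: a valid cert for another name is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version allows TLS 1.1 or older")
    return findings


def fingerprint(der_cert):
    """SHA-256 over the DER encoding, the value usually shown as the cert fingerprint."""
    return hashlib.sha256(der_cert).hexdigest()


def fingerprint_matches(der_cert, expected_hex):
    """Pin check: constant-time comparison against the expected fingerprint,
    accepting the colon-separated upper-case form tools often print."""
    expected = expected_hex.lower().replace(":", "")
    return hmac.compare_digest(fingerprint(der_cert), expected)


def verify_server(host, port, expected_fingerprint=None, cafile=None, timeout=5.0):
    """Connect, let the context validate chain and hostname, optionally pin,
    and return (negotiated protocol, fingerprint). A certificate the client
    should not trust surfaces as ssl.SSLCertVerificationError."""
    ctx = make_client_context(cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if expected_fingerprint and not fingerprint_matches(der, expected_fingerprint):
                raise ssl.SSLCertVerificationError("server certificate fingerprint mismatch")
            return tls.version(), fingerprint(der)


if __name__ == "__main__":
    # Placeholder host and port standing in for the application's server on its high port.
    print("weak context findings:", audit_context(weak_context()))
    print("hardened context findings:", audit_context(make_client_context()))
    try:
        print(verify_server("server.example.invalid", 8443))
    except (OSError, ssl.SSLError) as exc:
        print("handshake refused or failed:", exc)
```

Run against a proxy that presents its own certificate, `verify_server` raises `ssl.SSLCertVerificationError` instead of returning, which is the behaviour the thread is trying to confirm in the proprietary client; a client whose context audits like `weak_context()` is the vulnerable case. The pin check is the extra step that also defeats a certificate with "almost the same information as the original", since only the exact certificate hashes to the expected value.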


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of christopher.riley@xxxxxxx
Sent: Wednesday, August 27, 2008 4:33 AM
To: pen-test@xxxxxxxxxxxxxxxxx
Subject: SSL MITM not on port 443

I've come across a problem in a pentest that I'm working on right now
that I thought the members of the list might be able to assist me with.

I'm working with proprietary software (written in C++) that
communicates on a high port number using HTTPS. I'm trying to test to see if the software can be fooled into accepting a false certificate and the
traffic then decoded into clear text.

So far I've tried Ettercap, webmitm and CAIN without much luck. The closest I can get is Ettercap capturing the communication; however, it doesn't offer a forged certificate and all captured traffic is still encrypted using the normal server certificate. Not much of a MITM
attack. I've confirmed that Ettercap works as advertised against a couple of
sites in Internet Explorer and all seems to work normally.

Does anybody know of a way to force Ettercap to perform an SSL MITM even
though the port isn't associated with HTTPS? Or maybe you can suggest a
better tool for the job? I can control where the application looks for the server, so I can divert it through some kind of forwarding proxy if needed.

Thanks,

Chris Riley

----------------------------------------
Raiffeisen Informatik GmbH, Firmenbuchnr. 88239p, Handelsgericht Wien,
DVR 0486809, UID ATU 16351908

Correspondence with the above-mentioned sender via e-mail is for
information purposes only. This medium may not be used for the exchange of
legally binding communications.
----------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------



