Re: SSL Scanner



royend wrote:
On 28 Okt, 04:49, Solbu <so...@xxxxxxxxxxxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

royend sent the following transmission through subspace:

the project focuses on the vulnerability of
the web, and I am hoping to shove that even though SSL is implemented
the packages might be vulnerable to a Man-In-The-Middle-Attack (please
correct me if I am wrong), as the packages might be intercepted by an
attacker.
If someone intercepts the packages using a man-in-the-middle-attack,
the encryption will break, thus alerting the user.

You cannot intercept encrypted packages
without alerting the user that someone _IS_ intercepting them.
Because the certificate will be wrong.

- --
Solbu -http://www.solbu.net
Remove 'ugyldig.' for email
PGP key ID: 0xFA687324
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFHJAbBT1rWTfpocyQRAqGlAKCxkpbRHcfiYKUr10lkzQ9BBC1siwCg9/fW
ZpxgxPOj+WIKQd7tmRv8fSo=
=wwlT
-----END PGP SIGNATURE-----


On 28 Okt, 11:29, Jim Watt <jimw...@xxxxxxxxxx> wrote:
On Sat, 27 Oct 2007 08:22:11 -0700, royend <roy...@xxxxxxxxx> wrote:
Is there any programs you would recommend which will handle SSL/TLS?
Would for instance a program like Ethereal be able to read packages
using SSL protocols?
Explanation why it can't be done...
--
Jim Watt http://www.gibnet.com

That is what I thought (and hoped for...).
Can the packages be saved when intercepted and without changing the
package be used in a replay attack?

royend.

:%s/package/packet/g

i'm sorry in my native language 'pakket' has both meanings as well but still
i know the difference and the appropriate term when using them in english
.



Relevant Pages

  • Re: SSL Scanner
    ... royend sent the following transmission through subspace: ... You cannot intercept encrypted packages ... using SSL protocols? ...
    (alt.computer.security)
  • Re: New CTAN package: coverpage
    ... A few packages exist which can be used to add arbitrary boxes to specific or all pages. ... I use a simplified version of this: there is no need to intercept anything, I just provide my completely assembled cover page box to \shipout. ... adding a watermark image under or on top of the coverpage only requires a few lines of extra code; I have do write my own shipout macro anyway. ...
    (comp.text.tex)