Re: SSL Scanner

royend wrote:
On 28 Okt, 04:49, Solbu <so...@xxxxxxxxxxxxxxxx> wrote:
Hash: SHA1

royend sent the following transmission through subspace:

the project focuses on the vulnerability of
the web, and I am hoping to shove that even though SSL is implemented
the packages might be vulnerable to a Man-In-The-Middle-Attack (please
correct me if I am wrong), as the packages might be intercepted by an
If someone intercepts the packages using a man-in-the-middle-attack,
the encryption will break, thus alerting the user.

You cannot intercept encrypted packages
without alerting the user that someone _IS_ intercepting them.
Because the certificate will be wrong.

- --
Solbu -
Remove 'ugyldig.' for email
PGP key ID: 0xFA687324
Version: GnuPG v1.2.2 (GNU/Linux)


On 28 Okt, 11:29, Jim Watt <jimw...@xxxxxxxxxx> wrote:
On Sat, 27 Oct 2007 08:22:11 -0700, royend <roy...@xxxxxxxxx> wrote:
Is there any programs you would recommend which will handle SSL/TLS?
Would for instance a program like Ethereal be able to read packages
using SSL protocols?
Explanation why it can't be done...
Jim Watt

That is what I thought (and hoped for...).
Can the packages be saved when intercepted and without changing the
package be used in a replay attack?



i'm sorry in my native language 'pakket' has both meanings as well but still
i know the difference and the appropriate term when using them in english