ISAC Cambodia (InfoSec)

WIRELESS LAN SECURITY MEGAPRIMER PART 13 : SSL Man-In-The-Middle Attack

Description: Welcome to Part 13 of the WLAN Security Megaprimer! Please start this series by watching Part 1 (http://www.securitytube.net/video/1756), if you have not done so already.

In this video, we will learn how to conduct an SSL Man-in-the-Middle attack over wireless. You are urged to watch the following videos as well, created by me on this topic; these talk about the basics of the attack in more detail:

http://www.securitytube.net/video/100
http://www.securitytube.net/video/101

We will use the setup we created in the previous video and run a couple of new tools, namely Dnsspoof and Burpsuite Proxy. The basic idea is to hijack the application running on the victim by first using Dnsspoof to inject spoofed DNS responses for the DNS requests made by the victim. Once the victim's DNS cache is poisoned, all further requests will be sent to the attacker’s IP address. In the SSL MITM case, we will run Burpsuite to attach a proxy to ports 80 and 443. When the application on the victim sends any request, it goes through the attacker’s proxy. At this point, the attacker can passively monitor or modify any data sent to/from the victim almost transparently. The only indication the victim gets is an alert in the browser window warning him of certificate problems. If the victim accepts the risk (which 95% of users do) and clicks through the warning, the rest is history 🙂
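A defender's view of the DNS step described above, as an added example that is not part of the original video description: a forged reply usually races the real resolver's reply, and every poisoned name ends up pointing at one local address. The sketch below checks parsed DNS responses for both symptoms; the record layout, addresses, names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# RFC 1918 ranges, listed explicitly (ipaddress.is_private also covers documentation ranges).
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: (time_s, client, txid, qname, answer_ip) parsed from a DNS capture.
SAMPLE = [
    (10.00, "192.168.1.23", 0x1A2B, "mail.example.com", "192.168.1.50"),
    (10.04, "192.168.1.23", 0x1A2B, "mail.example.com", "203.0.113.10"),
    (11.20, "192.168.1.23", 0x1A2C, "bank.example.net", "192.168.1.50"),
    (12.70, "192.168.1.23", 0x1A2D, "shop.example.org", "192.168.1.50"),
    (13.10, "192.168.1.40", 0x0042, "news.example.org", "198.51.100.7"),
]

def conflicting_answers(records, window=2.0):
    """Same client, transaction ID and name answered with different IPs within `window` s."""
    seen = defaultdict(list)
    for t, client, txid, qname, ip in records:
        seen[(client, txid, qname.lower())].append((t, ip))
    alerts = []
    for (client, _txid, qname), answers in seen.items():
        answers.sort()
        ips = {ip for _, ip in answers}
        if len(ips) > 1 and answers[-1][0] - answers[0][0] <= window:
            alerts.append((client, qname, sorted(ips)))
    return alerts

def private_sinkholes(records, min_domains=3):
    """RFC 1918 addresses that several unrelated domains all resolve to."""
    domains = defaultdict(set)
    for _t, _client, _txid, qname, ip in records:
        if any(ip_address(ip) in net for net in RFC1918):
            # Last two labels as the "domain" is a simplification (no public suffix list).
            domains[ip].add(".".join(qname.lower().split(".")[-2:]))
    return {ip: sorted(d) for ip, d in domains.items() if len(d) >= min_domains}

if __name__ == "__main__":
    print(conflicting_answers(SAMPLE))
    print(private_sinkholes(SAMPLE))
```

Split-horizon DNS and captive portals also answer with private addresses, so the second check needs an allowlist of known internal servers before it is used for alerting.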


Phannarith

Mr. OU Phannarith is one of the well-known cybersecurity experts in Cambodia and the region. He is the founder of the first leading information security website (www.secudemy.com) in Cambodia. He has been invited to present at global conferences, forums, and seminars. He received an Information Security Leadership Achievements (ISLA) award from (ISC)2 in 2016 and, in December 2012, was named one of the top 10 Chief Information Security Officers (CISO) in ASEAN by the International Data Group (IDG). Mr. OU has been a professor specializing in cybersecurity.
