SSL Man in the Middle Proxy. Srinivas Inguva, Dan Boneh, Ian Baker. Stanford University.


1 SSL Man in the Middle Proxy
Srinivas Inguva, Dan Boneh, Ian Baker
Stanford University

2 Overview
– Normal SSL
  – SSL encrypted data routed like normal TCP/IP data over the internet
(Diagram labels: Internet, SSL Web Server)

3 Proxy Server
– Browser connects to proxy
– Proxy connects to web server and forwards between the two
(Diagram labels: Internet, SSL Web Server)

4 Man in the Middle
– Instead of forwarding encrypted data between the two hosts, our proxy will set up two DIFFERENT SSL connections between the two.
– Proxy <-> Remote Server
  – Sets up a normal SSL client connection to the requested remote site
– Proxy <-> Browser
  – Sets up an SSL server connection to the browser, using its own certificate, generated as a copy of the remote host's cert
– If the browser accepts this fake cert, the proxy has access to the data in the clear!

5 Proxy Server
– Listens for the browser CONNECT request and sets up the needed SSL connections
– Obtains the remote server cert from the remote SSL connection
– Creates a forged cert using the remote server cert and proxy credential:
  – SubjectDN, Serial Number, Extensions, … same
  – Issuer, Public Key, Signature changed
– The browser sees this forged cert as the SSL server cert
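The field changes listed on slide 5 also give a defender a check: a certificate that keeps the known SubjectDN and serial number but carries a different public key is a copy re-signed by someone else, and a public-key pin differs even when the proxy's CA has been added to the trust store. The sketch below is an added example, not part of the presentation or the ssl-mitm project; the record layout, function names and sample values are constructed assumptions.

```python
import hashlib

COPIED = ("subject", "serial")        # slide 5: kept the same in the forged cert
CHANGED = ("issuer", "spki_sha256")   # slide 5: replaced in the forged cert

def norm_serial(s):
    """Compare serials as integers so '0A:1B:2C' and '0a1b2c' are equal."""
    return int(s.replace(":", "").replace(" ", ""), 16)

def norm_dn(dn):
    """Simplified DN comparison: ignores case and spacing, no escaped commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def spki_pin(spki_der):
    """SHA-256 over the DER SubjectPublicKeyInfo bytes, as a hex pin."""
    return hashlib.sha256(spki_der).hexdigest()

def normalise(cert):
    return {"subject": norm_dn(cert["subject"]),
            "serial": norm_serial(cert["serial"]),
            "issuer": norm_dn(cert["issuer"]),
            "spki_sha256": cert["spki_sha256"].lower()}

def classify(pinned, observed):
    """Return (verdict, fields that differ from the pinned record)."""
    p, o = normalise(pinned), normalise(observed)
    diff = [f for f in COPIED + CHANGED if p[f] != o[f]]
    if not diff:
        return "match", diff
    if "spki_sha256" in diff and all(p[f] == o[f] for f in COPIED):
        return "intercepted", diff        # identity copied, key replaced
    if "spki_sha256" in diff:
        return "key-changed", diff        # new key and new identity fields
    return "reissued-same-key", diff      # same key, other fields changed

# Constructed sample records (stand-ins for fields parsed from real certs).
KEY_SITE = spki_pin(b"constructed-site-public-key")
KEY_PROXY = spki_pin(b"constructed-proxy-public-key")
PINNED = {"subject": "CN=www.example.test, O=Example", "serial": "0A:1B:2C",
          "issuer": "CN=Example Public CA", "spki_sha256": KEY_SITE}
VIA_PROXY = dict(PINNED, subject="cn=www.example.test,O=Example",
                 serial="0a1b2c", issuer="CN=Proxy CA", spki_sha256=KEY_PROXY)
RENEWED = dict(PINNED, serial="0A:1B:2D")

if __name__ == "__main__":
    for name, cert in (("via proxy", VIA_PROXY), ("renewed", RENEWED)):
        print(name, classify(PINNED, cert))
```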

6 Getting Started
– Start proxy server
  – Java command line application
  – Java 1.5+ runtime environment
– Configure browser to use this SSL proxy
  – Browser specific
– Add proxy's certificate to the browser trusted CA store
  – Otherwise, "certificate not trusted" warnings

7 Proxy Server Usage

    java mitm.MITMProxyServer
      [-localHost ]           Default is localhost
      [-localPort ]           Default is 8001
      [-keyStore ]            Key store details for
      [-keyStorePassword ]    certificates. Equivalent to
      [-keyStoreType ]        javax.net.ssl.XXX properties
      [-keyStoreAlias ]       Default is 'mykey'
      [-outputFile ]          Default is stdout
      [-v ]                   Verbose proxy output

– keyStore is the Java KeyStore file containing the proxy cert
– outputFile contains the plaintext of all proxied HTTP requests

8 Configuring an SSL proxy in Firefox


11 Possible Problems
– You should be able to start up the proxy server and connect to it "out of the box"
– If you are having problems
  – Is someone else using the port? (default 8001)
    – Try a different port on the command line
  – Firewall problems?
    – Try opening the needed port 8001
    – Or using SSH port forwarding
  – Try running your browser on the same machine and setting the proxy as localhost

12 Questions?
– Project home page – http://crypto.stanford.edu/ssl-mitm/

