|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Santy and SSL
From: Ofer Shezaf (Ofer.Shezaf
breach.com)
Date: Thu Jan 06 2005 - 15:39:47 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Since my company sells a product that decrypts SSL traffic in order to
enable intrusion detection systems to inspect it, I was looking for
examples of real world attacks hidden in SSL traffic.
As part of this research I examined Santy and found out that:
a. there are many phpBB sites protected by SSL:
I Just Googled something like: "inurl:https inurl:viewtopic
inurl:highlight", which is similar to the Santy search but also
requiring the page to be SSL protected and found 2000. Not enough to
spread a worm, but certainly enough to find some vulnerable sites to
deface.
b. Santy itself did not address SSL:
It parsed found URL using the pattern s#^http://##i (thus ignoring https
sites) and naturally also did not assume port 443 for https protocol.
Since modifying the code to handle SSL requires changing two lines, I
wondered if somebody has seen a variant or similar attack over SSL?
Ofer Shezaf
CTO, Breach Security
Tel: +972.9.956.0036 ext.212
Cell: +972.54.443.1119
ofersbreach.com
www.breach.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]