From: Jason (securitybrvenik.com)
Date: Sat Apr 22 2006 - 19:56:12 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Saqib Ali wrote:
>>I would not believe it possible as you describe it. Have you seen this
>>happen?
>
>
> I have not seen it myself. But I plan to visit Santa Clara and try it
> out in next couple of days. But I found their technique to be very
> strange, cause they clearly says that NO software installation
> required on their website. So I figured it must be some kind of proxy
> that modify the HTML pages. But that would certainly break SSL.

It is not difficult to implement a transparent proxy that does this for
regular HTTP traffic leaving the other traffic completely alone. There
are many examples to look at and I suspect this is really just an
extension of captive portals.

>
> I thought other readers of this list may have seen / implemented
> something like this. Thus the question.
>

There have been MITM tools released and they can be effective but
generally rely on the user making a mistake. I would doubt the SSL is
being touched at all.

>
> --
> Saqib Ali, CISSP, ISSAP
> Support http://www.capital-punishment.net
> -----------
> "I fear, if I rebel against my Lord, the retribution of an Awful Day
> (The Day of Resurrection)" Al-Quran 6:15
> -----------
>

-------------------------------------------------------------------------
This List Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Web Application Attack!"
Step-by-Step - SPI Dynamics White Paper
Learn how to defend against Web Application Attacks with real-world
examples of recent hacking methods such as: SQL Injection, Cross Site
Scripting and Parameter Manipulation

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003gRl
--------------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]