Paid Advertising is
ha.ckers sla.cking
This group should mostly be dealing with how web applications enable networking security issues that are otherwise not there. Everything is being tunneled over port 80 now so what does that enable and how do we fix it? 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
with cain and abel
Posted by: rox
Date: April 30, 2008 01:43AM

is there any way to di mitm on those hosts which uses ssl certs???like orkut or gmail???if yes the how??

Options: ReplyQuote
Re: with cain and abel
Posted by: MAdhaTTer-240
Date: July 09, 2008 10:51AM

I believe you can, I have not tried tho. RTFM

Options: ReplyQuote
Re: with cain and abel
Posted by: Reiners
Date: July 09, 2008 12:05PM

I'm sure ettercap can

Options: ReplyQuote
Re: with cain and abel
Posted by: rsnake
Date: August 03, 2008 10:30PM

You can in a few ways. You can force them not to connect to the SSL server at all (most people don't type https:// they type in http:// and the site redirects them). You can also just do a normal MITM setup but that will of course cause an error in the browser.

- RSnake
Gotta love it.

Options: ReplyQuote
Re: with cain and abel
Posted by: thornmaker
Date: August 04, 2008 10:30AM

For what it's worth, I had some issues doing this with Firefox 3 recently. I was using Burp Proxy as the MITM which sends the browser its own self-signed cert, which Firefox naturally complains about. The warning box didn't allow me to choose to accept the self-signed cert which is annoying but somewhat understandable... Fortunately Firefox lets you create one-off exceptions for such scenarios. But when I tried to import the self-signed cert this way, I was blocked again because it didn't like that the cert was self-signed... very lame...

Anyhow, the fix was to change the about:config setting network.dns.disableIPv6 to true and then I could create the one-off exception.

Options: ReplyQuote

Sorry, only registered users may post in this forum.