
Monday, July 9, 2012

SSL And TLS Attacks | SSL Man In The Middle

In our last post we discussed a little about attacking weak ciphers; in this post we will look at how a Man In The Middle (MITM) attack can be performed over SSL- and TLS-encrypted data transfer. The attack uses sslstrip, developed by Moxie Marlinspike, together with an ARP spoofing tool and a packet sniffer. The attack can be performed exclusively from UNIX and Linux based platforms, hence I suggest you use Dsniff. In practice, sslstrip was developed to demonstrate how an attacker can lead visitors from a legitimate site to his/her own site. The attack used the null-character misinterpretation vulnerability that existed in several certificates during 2009.


I think it's not good to demonstrate how the attack can be performed, since Moxie Marlinspike has already provided a nice tutorial on his own website with a video.
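From the defender's side, the ARP spoofing step mentioned above leaves a visible trace on the victim host: the gateway's IP address resolves to a MAC address that another host on the LAN also uses. The following is an added example, not code from the original post or from any tool it names; the sample `arp -an` output, the addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `arp -an` output (not captured from a real network).
# 192.168.1.1 is assumed to be the default gateway.
SAMPLE_ARP = """\
? (192.168.1.1) at 00:0c:29:aa:bb:cc [ether] on eth0
? (192.168.1.23) at 00:0c:29:aa:bb:cc [ether] on eth0
? (192.168.1.40) at 3c:52:82:11:22:33 [ether] on eth0
? (192.168.1.77) at <incomplete> on eth0
"""

ENTRY = re.compile(
    r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ([0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\b"
)

def parse_arp(text):
    """Return {ip: mac} for resolved entries; <incomplete> entries are skipped."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def shared_macs(table):
    """Return {mac: sorted ips} for every MAC that answers for more than one IP."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def gateway_alerts(text, gateway_ip, known_gateway_mac=None):
    """Flag a gateway entry that differs from a pinned MAC or shares its MAC."""
    table = parse_arp(text)
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        return []  # gateway not in the cache, nothing to compare
    alerts = []
    if known_gateway_mac and gw_mac != known_gateway_mac.lower():
        alerts.append(f"gateway {gateway_ip} is at {gw_mac}, "
                      f"expected {known_gateway_mac.lower()}")
    for mac, ips in shared_macs(table).items():
        if gateway_ip in ips:
            others = [ip for ip in ips if ip != gateway_ip]
            alerts.append(f"gateway MAC {mac} also claimed by {', '.join(others)}")
    return alerts

if __name__ == "__main__":
    for alert in gateway_alerts(SAMPLE_ARP, "192.168.1.1", "a4:91:b1:00:00:01"):
        print("ALERT:", alert)
```

A shared MAC is an indicator rather than proof: proxy ARP and multi-homed hosts produce the same pattern, so comparing against a gateway MAC recorded on a known-good network gives the stronger signal.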