Description: SSL MITM Attack basics has been discussed in a previous video. In this video we will look at a practical demonstration of an SSL MITM Attack over wireless using Yahoo Mail as a case study. It is important to note here that the reason for compromise is the fact that SSL protocol is susceptible to MITM attacks and is applicable to all websites using SSL and is not isolated to Yahoo Mail. The interesting thing as you will see in the video is that even though the browser detects the SSL certificate mismatch and popups up the security alert, most users will generally click through it. Thus the SSL MITM in most cases (where there are no software related bugs) works because users are gullible enough to click through security alerts and warnings. The most common place where i can imagine this attack being pulled off is in public hotspot areas, where users are on the lookout for any free open Wifi connection. An Attacker could easily lure users to connect to their Honeypots and then steal their passwords. Links:<br><br>1. Man in the Middle Attack<br><br>2. SSL Man in the Middle Attack<br><br>3. Dnsspoof Basics<br><br>4. Delegate Proxy<br><br>
Tags: tools ,
Latest from the SecurityTube Blog:
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.