Re: webmitm

From: Cedric Blancher (blancher@cartel-securite.fr)
Date: Wed Aug 06 2003 - 13:43:32 EDT

• Next message: wirepair: "Dialup Testing scripting?"
• Previous message: Geoffrey Shorter: "re: DoS'ing production DB's"
• In reply to: e247net: "webmitm"
• Next in thread: Christine Kronberg: "Re: webmitm"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Le mer 06/08/2003 à 14:42, e247net a écrit :
> Does anyone had successfully used webmitm to
> prove the
> vulnerability of SSL which I am trying as well with dsniff - webmitm but
> of no success.... when " victim" initiated the connections
> to SSL sites .. the "attack" runnning webmitm shows error =
> client process xxx terminated with status 0 ... can you help ?? thanks

I do not have specific answer for webmitm, but I use another tool that
is useful in this case, sslsniff :

        http://www.thoughtcrime.org/ie.html

This tool exploit IE basic constraints verification flaw, but can do the
trick for classical SSL MitM.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Next message: wirepair: "Dialup Testing scripting?"
• Previous message: Geoffrey Shorter: "re: DoS'ing production DB's"
• In reply to: e247net: "webmitm"
• Next in thread: Christine Kronberg: "Re: webmitm"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:38 EDT