SSLManintheMiddleProxy.pptVIP

Proxy Server Usage java mitm.MITMProxyServer options [-localHost host name/ip] Default is localhost [-localPort port] Default is 8001 [-keyStore file] Key store details for [-keyStorePassword pass] certificates. Equivalent to [-keyStoreType type] .ssl.XXX properties [-keyStoreAlias alias] Default is mykey [-outputFile filename] Default is stdout [-v ] Verbose proxy output keyStore is the Java KeyStore file containing the proxy cert outputFile contains the plaintext of all proxied HTTP requests Questions? Project home page /ssl-mitm/ SSL Man in the Middle Proxy Srinivas Inguva Dan Boneh Ian Baker Stanford University Overview Normal SSL SSL encrypted data routed like normal TCP/IP data over the internet Internet SSL Web Server Proxy Server Browser connects to proxy Proxy connects to web server and forwards between the two Internet SSL Web Server Man in the Middle Instead of forwarding encrypted data between the two hosts, our proxy will set up two DIFFERENT SSL connections between the two. Proxy-Remote Server Sets up a normal SSL client connection to requested remote site Proxy-Browser Sets up a SSL server connection to the browser, using its own certificate, generated as a copy of the remote host’s cert If the browser accepts this fake cert, the proxy has access to the data in the clear! Proxy Server Listens for the browser CONNECT request and sets up the needed SSL connections Obtains the remote server cert from the remote SSL connection Creates a forged cert using the remote server cert and proxy credential: SubjectDN, Serial Number, Extensions, … same Issuer, Public Key, Signature changed The browser sees this forged cert as the SSL server cert Getting Started Start proxy server Java command line application Java 1.5+ runtime environment Configure Browser to use this SSL proxy Browser specific Add proxy’s certificate to