I've come across a problem in a pentest that I'm working on right now that
I thought the members of the list might be able to assist me with.
I'm working with proprietary software (written in C++) that communicates
on a high port number using HTTPS. I'm trying to test whether the
software can be fooled into accepting a false certificate, so that the traffic
can then be decoded into clear text.
So far I've tried Ettercap, webmitm and CAIN without much luck. The
closest I can get is Ettercap capturing the communication, however it
doesn't offer a forged certificate and all captured traffic is still
encrypted using the normal server certificate. Not much of a MITM attack.
I've confirmed that Ettercap works as advertised against a couple of sites
in Internet Explorer and all seems to work normally.
Does anybody know of a way to force Ettercap to perform an SSL MITM even
though the port isn't associated with HTTPS? Or maybe you can suggest a
better tool for the job? I can control where the application looks for
the server, so I can divert it through some kind of forwarding proxy if
needed.
Thanks,
Chris Riley
----------------------------------------
Raiffeisen Informatik GmbH, Firmenbuchnr. 88239p, Handelsgericht Wien, DVR 0486809, UID ATU 16351908
Correspondence with the above-mentioned sender via e-mail serves information purposes only. Legally binding declarations may not be exchanged via this medium.
----------------------------------------
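The forwarding-proxy route the post mentions does not need Ettercap to know anything about the port: point the application at a TLS-terminating proxy that presents a forged certificate for the expected hostname, opens its own TLS session to the real server, and logs what passes through. If the client accepts the forged certificate, the proxy sees every request in clear; if the client validates certificates properly, its handshake fails with an x509 error and nothing is captured. The following Go program is an added example illustrating that test and is not code from the original post or from any of the tools it names. It stands up a stand-in "real" server (a TLS echo service) on a random loopback port, a proxy with a second, unrelated self-signed certificate, and then runs two clients: one that skips verification (the behaviour being tested for) and one that pins the real server's certificate. The hostname app.example.internal and the request strings are assumptions made for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"sync"
	"time"
)

const serverName = "app.example.internal" // assumed hostname the client expects

// selfSigned mints a throwaway self-signed certificate for name plus a pool that
// trusts only it. The stand-in server gets one; the proxy gets an unrelated one.
func selfSigned(name string) (tls.Certificate, *x509.CertPool) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true, IsCA: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

// serveTLS listens on a random loopback port and hands each connection to fn.
func serveTLS(cert tls.Certificate, fn func(net.Conn)) net.Listener {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	if err != nil {
		panic(err)
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			go func() { defer c.Close(); fn(c) }()
		}
	}()
	return ln
}

// Proxy is the forwarding MITM: it shows the forged cert to the client, opens
// its own TLS session to the real server and records the decrypted requests.
type Proxy struct {
	Addr     string
	mu       sync.Mutex
	captured []string
}

func StartProxy(forged tls.Certificate, upstream string, upCfg *tls.Config) *Proxy {
	p := &Proxy{}
	ln := serveTLS(forged, func(client net.Conn) {
		server, err := tls.Dial("tcp", upstream, upCfg)
		if err != nil {
			return
		}
		defer server.Close()
		go func() { // client -> server, logging the plaintext on the way
			buf := make([]byte, 4096)
			for {
				n, err := client.Read(buf) // the first Read runs the handshake
				if n > 0 {
					p.mu.Lock()
					p.captured = append(p.captured, string(buf[:n]))
					p.mu.Unlock()
					server.Write(buf[:n])
				}
				if err != nil { // EOF, or the client refused the forged cert
					server.CloseWrite()
					return
				}
			}
		}()
		io.Copy(client, server) // server -> client
	})
	p.Addr = ln.Addr().String()
	return p
}

// Captured returns a copy of everything the proxy decrypted so far.
func (p *Proxy) Captured() []string {
	p.mu.Lock()
	defer p.mu.Unlock()
	return append([]string(nil), p.captured...)
}

// probe acts like the application under test: connect, send one request and
// read the echoed reply. A client that validates certs fails in tls.Dial.
func probe(addr string, cfg *tls.Config, msg string) (string, error) {
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return "", err
	}
	defer conn.Close()
	conn.Write([]byte(msg))
	buf := make([]byte, len(msg))
	_, err = io.ReadFull(conn, buf)
	return string(buf), err
}

// RunDemo starts the stand-in real server and the proxy, then probes through the
// proxy once without verification and once pinning the real server's cert.
func RunDemo() (lenientReply string, strictErr error, captured []string) {
	realCert, realPool := selfSigned(serverName)
	forgedCert, _ := selfSigned(serverName) // same name, different key: a forgery
	srv := serveTLS(realCert, func(c net.Conn) { io.Copy(c, c) })
	defer srv.Close()
	strict := &tls.Config{RootCAs: realPool, ServerName: serverName}
	proxy := StartProxy(forgedCert, srv.Addr().String(), strict)

	lenientReply, _ = probe(proxy.Addr, &tls.Config{InsecureSkipVerify: true}, "GET /secret 1\n")
	_, strictErr = probe(proxy.Addr, strict, "GET /secret 2\n")
	return lenientReply, strictErr, proxy.Captured()
}

func main() {
	reply, err, seen := RunDemo()
	fmt.Printf("lenient client got %q; proxy captured %q\n", reply, seen)
	fmt.Printf("strict client: %v\n", err)
}
```

Against the real target you would keep only StartProxy: give it a forged certificate for whatever name the application expects, the real server's host:port as upstream, and point the application (via hosts file or its own server setting, as the post says it can) at the proxy's port. Whether the captured list fills up is the answer to the question; a client that refuses the forged certificate leaves it empty, which is the result a correctly written client should produce.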