homepage Welcome to WebmasterWorld Guest from 54.167.179.48
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Hardware and OS Related Technologies / Website Technology Issues
Forum Library, Charter, Moderators: phranque

Website Technology Issues Forum

    
How Safe is SSL from MITM (Man In The Middle) Attacks?
If the man is in the middle all bets are off.
incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 3711575 posted 9:03 pm on Jul 30, 2008 (gmt 0)

The topic of SSL security on an unsecured wifi connection was brought up on on the thread about How to Secure Wordpress Sites [webmasterworld.com] and it seemed there was enough FUD swirling around this topic to start a new thread.

This is intended to be educational for those that think SSL-MITM isn't possible so don't shoot the messenger as this is an educational and informative post. I'm not trying to show anyone how to launch a MITM attack, or give away all the steps required to sniff SSL. Besides, there's no need to do this because all of this information is freely available all over the internet with a simple query.

From the WordPress thread mentioned above:
A man in the middle cannot decrypt it even if he "cracks a wifi router".

If you can establish yourself as the MITM (Man in the Middle) you only need to dnsspoof the destination and issue a fake SSL cert as a response to the victim and then you can use SSLDUMP to decrypt the SSL stream.

Wow, that was hard wasn't it?

As a matter of fact, there's even a program available called WEBMITM (web man-in-the-middle) to help facilitate this:
webmitm transparently proxies and sniffs HTTP / HTTPS traffic redirected by dnsspoof, capturing most "secure" SSL-encrypted webmail logins and form submissions.

The method I saw used way back in the day was a simple intermediate SSL proxy server which is similar in concept to what I described above.

Let's do a simple diagram of how that works:

Browser using SSL -> SSL proxy -> SSL destination (Bank, Paypal, etc.)

Your browser is happy and shows a LOCK because it's in a secure SSL conversation with the SSL proxy. The SSL proxy server then makes the secure connection to the destination server and passes the content and cookies back and forth between your browser and the true destination.

All conversations are in SSL, everyone's happy, and all the data is collected in the middle.

The big challenge is getting in the middle.

If you can get in the middle, all bets are off.

Forget just collecting web passwords as there's SSHMITM to handle SSH protocols.

Not to mention password recovery tools like Cain & Able can pretty much sniff out anything.
The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and contains filters to capture credentials from a wide range of authentication mechanisms.

Many of the tools mentioned above are actually bundled into a network auditing and penetration testing package called "dsniff" which you can use to identify leaks in your network security. Unfortunately the knife cuts both ways and the same tools can be used to breach network security.

So how safe is your wifi connection?

It's probably OK because the number of reported incidents is very low.

Some suggest using the TOR anonymizer [torproject.org] will thwart simple MITM attacks because it scatters the request over many TCP connections. TOR is cheap (FREE!), easy to install, and probably not a bad idea to try if you use a lot of public wifi connections. I've yet to investigate the effectiveness of this solution but it's definitely better than using nothing at all.

What do I use?

I use a broadband card and disable wifi when I'm traveling.

[edited by: incrediBILL at 9:11 pm (utc) on July 30, 2008]

 

infp

5+ Year Member



 
Msg#: 3711575 posted 9:45 pm on Jul 30, 2008 (gmt 0)

you only need to dnsspoof the destination and issue a fake SSL cert as a response

In other words, if the user uses the browser as they should, the attack fails.

If you visit a site with a SSL certificate that fails verification (based on root certificates) then IE7 displays a page saying something like "Warning: This server may not be secure and you should not view pages from it" (in IE6 the warning is not a dead-end whole screen, but a Yes/No dialog box -- but IE6 is fortunately dying).

In conclusion, if you use SSL and do not ignore warnings like "This site has an invalid certificate", then you don't have to worry about man-in-the-middle attacks even if you use open wifi. The rest is FUD.

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 3711575 posted 10:10 pm on Jul 30, 2008 (gmt 0)

OK, you want me to really scare the crowd, right?

I didn't want to bring up ettercap [ettercap.sourceforge.net], which is completely transparent and doesn't impact your certficate whatsoever. You won't see an invalid cert, nothing, because all ettercap does is sniff and dissect.

FWIW, you can even find software that will crack a WEP key on a wifi, login in and let ettercap do the sniffing.

No FUD there, no certificate warning either.

[edited by: incrediBILL at 10:12 pm (utc) on July 30, 2008]

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 3711575 posted 10:18 pm on Jul 30, 2008 (gmt 0)

Here's some further Wifi and SSL fun from an Insecurity article on Infoworld [infoworld.com]:

Another interesting issue my friend noticed was how many HTTPS-enabled Web sites did not implement SSL correctly -- users' log-in names and passwords were being sent in clear text. This included communications to remotely accessed security devices, portals, and firewalls.

This article is a couple of years old and I would like to hope much of this insecurity has been fixed since it was written but I wouldn't risk it because there is no patch for stupidity.

[edited by: incrediBILL at 10:26 pm (utc) on July 30, 2008]

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 3711575 posted 11:34 pm on Jul 30, 2008 (gmt 0)

I've been doing a little more research to find some insightful articles that will open people's eyes to the threats of wifi and also bust some more of the FUD surrounding the topic.

Here's a nice article from the NYT's about the sniffing software and wifi hotspots [pogue.blogs.nytimes.com]:

He turned his laptop around to reveal all of this:

* Every copy of every e-mail message I sent *and* received.

* A list of the Web sites I visited.

* Even, incredibly, the graphics that had appeared on the Web sites I had visited.

None of this took any particular effort, hacker skill or fancy software. Anyone could do it. You could do it.

All Jon needed was a “packet sniffing” program; such software is free and widely available. (He used a Mac program called Eavesdrop.) It sniffs the airwaves and displays whatever data it finds being transmitted in the public hot spot.

How fun is that?

The wifi doesn't even need to be compromised, no man-in-the-middle.

It's so easy you too can do it so why not assume everyone else in the wifi hotspot is sniffing YOUR traffic just like your could sniff theirs!

Can you say wireless broadband card?

Here's a nice article on Tech Republic explaining why EV-DO is more secure [articles.techrepublic.com.com].

But EV-DO doesn't use WEP. Instead, encrypted CDMA transmissions use a 42-bit pseudo-noise (PN) sequence called a long code. The long code scrambles transmissions through the standardized Cellular Authentication and Voice Encryption (CAVE) algorithm to generate a 128-bit subkey called Shared Secret Data (SSD).

This key then feeds into an Advanced Encryption Standard (AES) algorithm to encrypt the transmissions. AES is a symmetric encryption algorithm used by governments to protect sensitive information. If governments use AES to encrypt their data, it should be good enough to protect your data as well.

Bottom line, if you can't afford wireless broadband or it's not available in your area then using the TOR proxy [torproject.org] is definitely your best bet to being secure on a public wifi network or even your HOME wifi network for that matter since WEP can be hacked.

[edited by: incrediBILL at 12:04 am (utc) on July 31, 2008]

the_nerd

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3711575 posted 9:19 am on Jul 31, 2008 (gmt 0)

all the former posts focus on wifi.

Does this mean we don't have any MITM problems on e.g. DSL lines? In other words, does Mallory have a chance to squeeze in between Alice and Bob also on normal internet connections?

webdoctor

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3711575 posted 10:34 am on Jul 31, 2008 (gmt 0)

the TOR proxy is definitely your best bet to being secure on a public wifi network

Errr... I would never route MY sensitive traffic through a TOR proxy.

Bruce Schneier's opinion appears to be that that anonymity and privacy aren't the same [wired.com], and I'd agree with him.

himalayaswater

5+ Year Member



 
Msg#: 3711575 posted 2:27 pm on Jul 31, 2008 (gmt 0)

@the_nerd,

Yes, ISP staff can do that but they are too busy, IMHO..

infp

5+ Year Member



 
Msg#: 3711575 posted 3:28 pm on Jul 31, 2008 (gmt 0)

I didn't want to bring up ettercap, which is completely transparent and doesn't impact your certficate whatsoever.

That software is again useless in this context. There is no way for a man in the middle to impersonate the remote server, unless he has a valid certificate (or the user ignores the warning screen displayed by the browser). Otherwise, believe me, e-commerce would not exist by now.

If the attack works, then either your computer has been compromised or the remote server has been compromised.

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 3711575 posted 5:42 pm on Jul 31, 2008 (gmt 0)

There is no way for a man in the middle to impersonate the remote server, unless he has a valid certificate

I originally stated I didn't want to spell out how to completely pull off a flawless MITM attack but if you must challenge the SSL cert issue again let me explain how it works without the error...

To pull off a true MITM attack without giving away the certificate error, you have to start with an HTTP page, which many people start with such as the bank home page and then login to HTTPS from there.

If the MITM proxy replaces the HTTPS address of the bank with https://www.examplebank.com, such as how I described it above, then you connect to https://www.examplebank.com instead of your bank, no error given.

So if you don't notice the domain name change then you're running via the proxy which has a valid cert.

As a matter of fact, any server that has a valid SSL cert which has been compromised by hackers can be used for this process just like the phishing scams.

Besides, most people wouldn't think twice and would click OK even with the cert warning which is why most MITM attacks don't go to much extreme. If you think people aren't that stupid then try to explain why there are hundreds of thousands of compromised machines from people opening emails from sources they don't know, accepting downloads from rogue sites, etc.. People just aren't that savvy and bypass simple security to get where they want to go, simple as that.

[edited by: incrediBILL at 5:50 pm (utc) on July 31, 2008]

infp

5+ Year Member



 
Msg#: 3711575 posted 9:13 pm on Jul 31, 2008 (gmt 0)

If the MITM proxy replaces the HTTPS address of the bank with https://www.examplebank.com, such as how I described it above, then you connect to https://www.examplebank.com instead of your bank, no error given.

That is not a man-in-the-middle attack as such. That is a user visiting an incorrect URL (the desired SSL connection does not exist so there is nothing to attack). If you bookmark your blog admin page, you can avoid making such a mistake. Besides, you must start with a non-SSL page, which is forbidden if you want to discuss MITM attacks on SSL (https is required).

Besides, most people wouldn't think twice and would click OK

That should mean that SSL cannot prevent MITM attacks? Doesn't it rather mean that some users cannot use SSL?

As a matter of fact, any server that has a valid SSL cert which has been compromised by hackers can be used for this process just like the phishing scams.

Yes, that's why I wrote: "If the attack works, then either your computer has been compromised or the remote server has been compromised."

[edited by: infp at 9:35 pm (utc) on July 31, 2008]

infp

5+ Year Member



 
Msg#: 3711575 posted 9:32 pm on Jul 31, 2008 (gmt 0)

It should also be pointed out that SSL encryption is not the same thing as 'wifi' encryption. In the past, 'wifi' encryption was quite insecure and easy to break. This has nothing to do with SSL though (and is again a good source of repeated SSL-related FUD :-)

[edited by: infp at 9:48 pm (utc) on July 31, 2008]

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 3711575 posted 9:34 pm on Jul 31, 2008 (gmt 0)

That is not a man-in-the-middle attack as such.

You're being way to literal because the MITM attack just means that man is just in the middle of your conversation. If you can't sniff the conversation you can simply redirect it through your own proxy which doesn't make it any less of a MITM because someone's server is between you and the intended destination.

That means that SSL cannot prevent MITM attacks? Or, rather, that some users cannot use SSL?

SSL doesn't prevent anything except stopping you from decoding the conversation which is why you need to intercept and reroute it through your own SSL proxy.

Also some users cannot use SSL properly, or email, or any other thing and overlook subtle things like domain changes or why they had to click OK to continue.

the remote server has been compromised

Not the intended remote server, for instance the bank, they don't have to be compromised for the MITM to inject a proxy server hosted on some other compromised machine that is an intermediate between the wifi user and the bank.

infp

5+ Year Member



 
Msg#: 3711575 posted 9:44 pm on Jul 31, 2008 (gmt 0)

I thought the topic was "How Safe is SSL from MITM (Man In The Middle) Attacks".

The attacks you mentioned, however, are not attacks on SSL connections. The first attack assumes that the user starts browsing a non-SSL URL that takes him to an incorrect URL. This is not an attack on SSL. The desired SSL connection does not exist (with respect to our topic, you have nothing to attack).

The other attacks are not attacks on SSL but exploitation of ignorance of users and their inability to use SSL. This does not mean that SSL cannot protect against MITM attacks (it means that not all people can use SSL).

SSL doesn't prevent anything except stopping you from decoding the conversation

SSL protects:

- The authenticity of the data (you know where/who it came from).

- Confidentiality of the data (nobody knows what you are receiving/sending).

- Integrity (alteration of data by MITM produces random garbage instead of meaningful changes and the alteration is detected).

infp

5+ Year Member



 
Msg#: 3711575 posted 9:52 pm on Jul 31, 2008 (gmt 0)

Also, if a hacker steals or otherwise acquires the certificate of the remote server, we can consider the server compromised.

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 3711575 posted 10:21 pm on Jul 31, 2008 (gmt 0)

Yes, we know what SSL protects, that wasn't my point.

SSL doesn't stop you from being conned with a MITM using his own (or acquired) server to perpetrate a fraud assuming he redirected you to his server as outlined previously.

hacker steals or otherwise acquires the certificate of the remote server

The hacker doesn't need to steal a cert, he could actually have a legit cert on his own server.

Who said the bad guys can't buy certs?

It's not that hard to obtain one.

blaze

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3711575 posted 2:47 am on Aug 1, 2008 (gmt 0)

INFP is technically right, however I think he's using his technical knowledge to incorrectly dismiss an important problem.

SSL, when used correctly, is generally safe. There are some attacks against the random private key generation that is used in each protocol setup, but they are usually defeated by better hardware/software these days.

However, there are many ways to ensure that SSL is not used properly, especially with older browsers that have poor communication with the user.

Also, if the wifi connection is compromised, it's usually pretty easy to insert a keylogger virus that will install and compromise your client.

infp

5+ Year Member



 
Msg#: 3711575 posted 12:47 pm on Aug 1, 2008 (gmt 0)

However, there are many ways to ensure that SSL is not used properly

Again, the fact that some users can't use SSL properly (due to their ignorance) does not mean that SSL cannot prevent MITM attacks. It can, but you need to actually use it (and use it as intended).

Also, if the wifi connection is compromised, it's usually pretty easy to insert a keylogger virus that will install and compromise your client.

If you connect only via SSL and do not ignore browser warnings, then you will remain secure even if the wifi connection is compromised. Otherwise, your computer has been compromised and is insecure (not SSL).

infp

5+ Year Member



 
Msg#: 3711575 posted 12:50 pm on Aug 1, 2008 (gmt 0)

The hacker doesn't need to steal a cert, he could actually have a legit cert on his own server.

We are analyzing a scenario where a valid SSL connection is established to a secure server, not to a hacker's server. If there's no such connection, there's nothing to attack and nothing to discuss.

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 3711575 posted 6:35 pm on Aug 1, 2008 (gmt 0)

We are analyzing a scenario where a valid SSL connection is established to a secure server

Actually, I wasn't because the real fun starts WHEN the connection is initially established on WIFI, not if it already exists.

The potential for SSL mayhem in a compromised wifi situation means you have control over the DNS which allows you to redirect the conversation through a proxy in the first place.

That's what was being discussed from the first post.

infp

5+ Year Member



 
Msg#: 3711575 posted 2:33 pm on Aug 2, 2008 (gmt 0)

To conclude this thread:

SSL will prevent MITM attacks even on insecure wifi connections (that are fully controlled by an attacker) provided that:

- SSL is used as intended (the user must not ignore warning screens).

- Neither your computer nor the remote server has been compromised.

- The remote server has a certificate issued by a public trustworthy certificate authority.

- The user makes sure he or she visits the correct URL (use bookmarks to access your blog admin page) starting with https://

Happy browsing.

pageoneresults

WebmasterWorld Senior Member pageoneresults us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3711575 posted 3:31 pm on Aug 2, 2008 (gmt 0)

^ That's quite a bit to ask of the average consumer of these types services, don't you think?

By the way, I am in no way an expert or even qualified to discuss SSL from this perspective. But, as a new user in this area, I'm clueless! How do "I", the clueless consumer, do all of the above? I just got my laptop too. Help me out here. Don't forget, I've been online since 1995 so I'm not "too" clueless. ;)

Also, what are all these "unsecured networks" appearing in my wireless networks? Should I connect to those? They are free right? Well, that's what I want. A "free" connection. :)

Happy browsing.

Heh! It would be if that darn red warning would stop coming up! I just click the link that reads continue to website anyway. ;)

infp

5+ Year Member



 
Msg#: 3711575 posted 3:53 pm on Aug 2, 2008 (gmt 0)

That's quite a bit to ask of the average consumer of these types services, don't you think?

Why is this irrelevant argument repeated again? Whether the average user can use SSL is a completely different topic and not my problem.

The topic is: "Can SSL prevent MITM attacks?" The answer is: Yes.

pageoneresults

WebmasterWorld Senior Member pageoneresults us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3711575 posted 4:04 pm on Aug 2, 2008 (gmt 0)

The topic is: "Can SSL prevent MITM attacks?" The answer is: Yes.

Hmmm, the <title> reads...

How Safe is SSL from MITM (Man In The Middle) Attacks?

You guys are talking way over my head so I'm trying to understand what's going on. Bear with me here. You say Yes. Bill says No. Which is it? I am really confused at this point. Can we get some clarification?

(in IE6 the warning is not a dead-end whole screen, but a Yes/No dialog box -- but IE6 is fortunately dying)

I wish you would tell that to a large corporate here in So Cal who refuses to upgrade to IE7. Their IT department only allows one IE7 install per office. Go figure...

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 3711575 posted 7:21 pm on Aug 2, 2008 (gmt 0)

The topic is: "Can SSL prevent MITM attacks?" The answer is: Yes.

The answer has been overwhelmingly NO if you can steer the SSL connection to your server.

You keep assuming MITM is there during an existing conversation but the MITM can be there from the start and direct the data flow to his own server which I've covered a couple of times, which was the initial premise.

As a matter of fact, just so the surfer doesn't know the MITM is even there, the initial request is usually a LOGIN starting from an HTTP page, not an SSL page, which is where the problem starts. The MITM using dnspoof and an SSL proxy can quickly collect your login information and then execute a redirect to the REAL destination so you've just compromised your password without even a change of the URL in the status bar.

Not sure if MSIE or FF alerts when one SSL server redirects to a different SSL server, probably not.

It would appear totally seamless and the MITM could go back at his leisure and login to your bank account and wire transfer all your money offshore.

[edited by: incrediBILL at 7:23 pm (utc) on Aug. 2, 2008]

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 3711575 posted 7:33 pm on Aug 2, 2008 (gmt 0)

I'll give most banks credit these days that when you type in examplebank.com they redirect to https://examplebank.com so the entire conversation is theoretically in SSL.

The problem is that unless the initial request from the visitor is made directly to just examplebank.com it gives the MITM an opportunity to serve up a phish page instead of letting the bank perform it's initial 301 redirect to https://examplebank.com.

So you're safest if you physically type in the https:// yourself and don't let the server do the redirect.

[edited by: incrediBILL at 7:33 pm (utc) on Aug. 2, 2008]

infp

5+ Year Member



 
Msg#: 3711575 posted 12:59 pm on Aug 3, 2008 (gmt 0)

This is my last try to undo the immense amount of FUD this thread contains:

SSL will prevent MITM attacks even on insecure wifi connections (that are fully controlled by an attacker) even if DNS is spoofed or whatever, provided that:

- SSL is used as intended (the user must not ignore warning screens).

- Neither your computer nor the remote server has been compromised.

- The remote server has a certificate issued by a public trustworthy certificate authority.

- The user makes sure he or she visits the correct URL (use bookmarks to access your blog admin page) starting with https://

I will not post any other message to this thread, because it obviously leads nowhere and I don't have that much energy to waste.

incrediBILL

WebmasterWorld Administrator incredibill us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 3711575 posted 9:50 pm on Aug 3, 2008 (gmt 0)

use bookmarks to access your blog admin page) starting with https://

Yes, I'll agree if you use bookmarks starting with HTTPS and don't click OK on a cert warning you'll probably be safe.

However, the odds of more than a handful of people reading this thread and heading that warning are slim which is why the MITM will still be successful.

At least a few people now might know what to look out for.

Sadly, most ISPs don't provide secure POP or webmail services, except gmail, so most people will compromise their email accounts at a minimum if they check them.

Like I've said before, I'll stick with wireless broadband which is the most secure option at the moment and others can roll the dice with wifi as they wish and hope there's nobody sniffing.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Hardware and OS Related Technologies / Website Technology Issues
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved