This video shows how SSL can be circumvented using an ARP Man in the Middle Attack
There are 3 scenes:
- The first shows what is required to set up the attack with a fresh nUbuntu install.
- The second shows a user logging into hotmail and the fake certificate he is presented with. The certificate is unsigned and has a different public key, but is otherwise identical.
- The third shows the captured and logged password.
The attacking computer was running nUbuntu 6.06 with a D-Link G650 wireless card.
The attack works as follows:
- Attacker connects to the network
- Attacker sends specific ARP replies to the gateway and victim so that packets are routed through him
- Victim requests a website using SSL
- Attacker relays this request to the actual Server
- Server replies with a certificate
- Attacker swaps his own certificate for the Server's
- Victim accepts the fake certificate and submits his credentials
- Attacker decrypts the message, logs it, and then re-encrypts it with the Server's certificate
- Further messages are relayed in a similar manner and the entire SSL session is captured transparently
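The second step of the attack, unsolicited ARP replies that rebind the gateway's IP to the attacker's MAC, is also what a defender can watch for. The following is an added example (not code from the video or its author) that scans a stream of observed ARP replies and raises an alert when an IP address changes MAC, or when one MAC starts claiming more than one IP, which is the pattern produced by poisoning both the gateway and the victim at once. The ARP records are constructed sample data; the `trusted` parameter (a known-good IP to MAC map, e.g. the gateway's) is a hypothetical convenience, not a feature of any tool shown in the video.

```python
# Added example: detecting ARP cache poisoning from observed ARP replies.
# Sample data below is constructed for illustration.
from collections import defaultdict

# Constructed observations: (timestamp, sender IP, sender MAC) from ARP replies
# seen on the LAN. 192.168.1.1 is the gateway, 192.168.1.20 the victim host.
SAMPLE_ARP_REPLIES = [
    ("10:00:01", "192.168.1.1", "00:11:22:33:44:55"),   # gateway, legitimate binding
    ("10:00:02", "192.168.1.20", "aa:bb:cc:dd:ee:01"),  # victim host, legitimate binding
    ("10:00:05", "192.168.1.1", "00:11:22:33:44:55"),   # gateway again, unchanged
    ("10:00:09", "192.168.1.1", "DE:AD:BE:EF:00:01"),   # gateway IP now claimed by another MAC
    ("10:00:10", "192.168.1.20", "de:ad:be:ef:00:01"),  # same MAC now claims the victim IP too
]


def detect_arp_spoof(replies, trusted=None):
    """Scan ARP replies in order and return a list of alert tuples.

    Alert kinds:
      ("<ts>", "binding-change", "<ip>")  an IP's MAC differs from what was last seen
      ("<ts>", "multi-ip-mac", "<mac>")   one MAC is now bound to more than one IP

    `trusted` (hypothetical helper argument) pre-seeds known-good IP -> MAC
    bindings so the very first reply for a known host can already be judged.
    """
    bindings = {}                    # ip -> most recently observed MAC
    mac_to_ips = defaultdict(set)    # mac -> set of IPs it has claimed
    alerts = []

    if trusted:
        for ip, mac in trusted.items():
            bindings[ip] = mac.lower()
            mac_to_ips[mac.lower()].add(ip)

    for ts, ip, mac in replies:
        mac = mac.lower()            # normalise case so "DE:AD" and "de:ad" compare equal
        previous = bindings.get(ip)
        if previous is not None and previous != mac:
            alerts.append((ts, "binding-change", ip))
        bindings[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append((ts, "multi-ip-mac", mac))

    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoof(SAMPLE_ARP_REPLIES):
        print(*alert)
```

On the constructed data this reports the gateway rebinding at 10:00:09 and, at 10:00:10, both the victim rebinding and the single MAC holding two IPs. In practice the same logic can be fed from a packet capture or from periodic snapshots of the local ARP table; static ARP entries for the gateway, or switch features such as dynamic ARP inspection, remove the condition the attack depends on.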
The video is 16 MB, so please give it time to load. The controls will appear once the video is loaded.