SSL is a secure protocol that provides security and data integrity for network communications. TLS and SSL encrypt the network connection at the transport layer. Developed for Netscape to secure data transmission over the Internet, but recently new types of attack tools have appeared, seriously affecting the security of sensitive information such as user identity protected by SSL/HTTPS. Today's targeted SSLtrip research, the anti-SSLtrip attack solution to prevent the damage caused by SSLtrip.
How SSLtrip works
1. First, the SSLtrip attacker needs to enable its own route forwarding function;
2. Then it broadcasts ARP packets to the network for ARP. Deceive, impersonate the routing or the MAC address of the gateway. So that all the data in the network will pass through this attacker;
3. Replace the https connection in all http data passing through it, and record which connections are replaced;
4. The attacker establishes a connection with the client computer via http. This link will be redirected to another port on the attacker;
5. The attacker then pretends to be a client to establish a https connection with the real server;
6. Such a client and server All data connections between them are transparently forwarded by the attacker. For the client, it is the server, and for the server it is the client.
The figure below shows which https connections are replaced with normal http connections in the ssltrip attack.
7. In order to deceive the client user, all the icons in the browser will be replaced with the https icon;
8. At this time, the user name and password submitted by the client are It is sent in clear text to the ssltrip attacker's computer. The attacker steals the private information of the client without the client's knowledge.
Introduction to Attack Tools
1. Version 0.2
2. Operating Environment Linux
3. Need to enable system routing and forwarding function
4. Need to enable firewall port redirection function Previous page12Next page Total 2 pages
There are many input methods, and everyone likes it differently. The Sogou input method is very usef
Starting with Windows 2000, Microsoft introduced the Windows File Protection feature in Windows. How
Event Viewer? Many users are very strange to this. In fact, in every Windows system
The computer partition has been lost. Everyone has encountered it, and then the ori
How to solve the problem of missing dfst.dll in WinXP installation CAD prompt?
What is the opening of the WinXP system tmp file? How to open tmp file and steps
Features Windows XP system comes with hidden files
How does WinXP open wireless service?
The whole process of a DC time synchronization failure case
WinXP notebook to create a wireless LAN process
Jin's way to rise hands xp end process can not be ignored
The little-known use experience in the xp system is shared
WinXP server operating system installation method
WinXP printer driver uninstall method
Resolving Accounts and Permissions in Windows [Photos]
Let the old system change to a new installation WindowsXP use the taskbar of Windows7
Win7 open recycle bin "The property of this project is unknown" solution
Windows7 computer shutdown speed solution
Win7 system boot error svchost.exe how to deal with it?
IIS 6 Frequently Asked Questions
How to make WIN8 and cloud can be closely combined with
Dell Win8 notebook screen flicker causes and solutions
Teach you to use the taskbar to play the calendar of life
How to center the taskbar icon of Win7 system
What should I do with the win10 blue screen? Come and see it