[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Interception of SSL 3 communication

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Interception of SSL 3 communication
From: Eli Feigin <feiginml@xxxxxxxxx>
Date: Tue, 14 Feb 2006 19:03:36 +0200

I am trying to perform a man in the middle attack on a local client
application.

The application client (VB application) uses a client side certificate
located on a smart card (GEMPLUS) to encrypt co communication with the
server (Java servlet).

All I know is that the application accesses a url like this: https://
www.thesite.com via SSL 3.

I don't have the source of the client code, but I would like to view/alter
the communication in some way.

When the card is inserted IE is able to view the certificate, and export it
in several formats.

I tried Paros to intercept the communication but I couldn't meet its
certificate requirements.

Thanks to anyone who can help me intercept the communication.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Re: On the "0-day" term
Next by Date: Re: [Full-disclosure] blocking Google Desktop
Previous by thread: Re: [Full-disclosure] Anybody else getting trojans from someone masquerading as fyodor?
Next by thread: [Full-disclosure] iDefense Labs Quarterly Hacking Challenge
Index(es):
- Date
- Thread