lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <c1da6dd20602140903q5195d658kb2fb97c1ff7cddae@mail.gmail.com>
Date: Tue Feb 14 17:03:44 2006
From: feiginml at gmail.com (Eli Feigin)
Subject: Interception of SSL 3 communication

I am trying to perform a man in the middle attack on a local client
application.

The application client (VB application) uses a client side certificate
located on a smart card (GEMPLUS) to encrypt co communication with the
server (Java servlet).

All I know is that the application accesses a url like this: https://
www.thesite.com via SSL 3.

I don't have the source of the client code, but I would like to view/alter
the communication in some way.

When the card is inserted IE is able to view the certificate, and export it
in several formats.

I tried Paros to intercept the communication but I couldn't meet its
certificate requirements.

Thanks to anyone who can help me intercept the communication.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060214/d0a0156f/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ