TLS - HTTPS - MITM




Search "enisa encrypted traffic analysis": a technical report with many interesting details of TLS/HTTPS regarding implementation, bugs, weaknesses and the like.


Certificate:
https://crt.sh/?id=19538258

https://blog.filippo.io/untrusting-an-intermediate-ca-on-os-x/

http://blogs.msmvps.com/alunj/2016/05/26/untrusting-the-blue-coat-intermediate-ca-from-windows/



An interactive SSL-capable intercepting HTTP proxy for penetration testers and software developers 

http://mitmproxy.org

Wireless Man-In-The-Middle Attacks

DNSpooq lets attackers poison DNS cache records

Google "fox-it mitm6"

SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing.

http://www.roe.ch/SSLsplit

The Backdoor Factory (BDF): for security professionals and researchers only. The goal of BDF is to patch executable binaries with user-desired shellcode and continue normal execution of the pre-patched state.

https://github.com/secretsquirrel/the-backdoor-factory




BDFProxy is a tool built from two different instruments.

Initially, the author of BDFProxy, Joshua Pitts, created a tool called The Backdoor Factory, designed to automate the patching of files in order to insert backdoors, which can be quite useful for penetration testing. The other one, mitmproxy, is a Python proxy server that can intercept HTTP, modify traffic on the fly, replay traffic, and decode and render primitive data types. Combining those two tools produced BDFProxy. How does it work? The tool can patch, on the fly, the binaries being downloaded by a victim. Now, just imagine how many official websites share their programs via HTTP. Moreover, a lot of quite big companies, like Sysinternals, Microsoft, Malwarebytes, SourceForge and Wireshark, as well as a great number of antivirus companies, do that. So, while most antivirus products can detect damage to their own data integrity, regular software is not equipped with such functions, which means that its modification goes unnoticed by the user.

https://github.com/secretsquirrel/BDFProxy



HTTPS interception weakens TLS Security
https://www.us-cert.gov/ncas/alerts/TA17-075A

