> Ok, I think I've made it clear that a mitm does not have to
> modify payloads in order to be successful ...
Wouldn't the payloads need to be modified, if they're encrypted using SSL? If you trick the client into talking to your machine instead of the intended host, and you present a certificate that isn't identical to the intended host's certificate, you would need to decrypt the content with your certificate. You'd then have to encrypt that content with the intended host's certificate. While the actual data you're interested in reading will not have changed, the information in the packet you received from the client will not be the same as the information in the one you send to the intended host, right?

That seems to me to be the behavior of a proxy, not a router. Routers rewrite transport layer stuff, but you'd need to rewrite application layer stuff (I think those are the two relevant OSI layers, but I'm too lazy to check).

And, I'm not trying to upset you or anything. I'm genuinely interested in figuring this out. You mentioned previously that it would be possible to either use the intended host's certificate or present a certificate of your own that doesn't trigger a warning message on the client. Did I understand you correctly? If so, can you point to anything about that at all? If not, I apologize for misinterpreting you. Thanks!

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:255689

