On Friday, 02.02.2007, at 16:15 -0500, James Muir wrote:
> > You can find more and download Odysseus here:
> >
> > http://www.bindshell.net/tools/odysseus
>
> It is my understanding that SSL is engineered to resist mitm attacks, so
> I am suspicious of these claims. I wondered if someone more familiar
> with SSL/TLS could comment.
>
> Isn't it the case that the application doing SSL on the client should
> detect what this proxy server is doing and display a warning to the
> user?

An unmodified SSL/TLS client should display a warning message that the server certificate is invalid, or something similar. So this is not a valid man-in-the-middle attack against SSL/TLS. Perhaps you are going to use this tool for debugging purposes. If so, you can perhaps generate a certificate with a private key. The certificate is installed in your SSL/TLS client as a trusted certification authority, and the certificate and the private key are then used by Odysseus to make these warning messages go away.
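
The behaviour discussed in this thread, as an added example (not part of the original messages and not Odysseus's own code): a server certificate issued by an intercepting proxy's CA fails verification against a client's existing trust anchor and is accepted only once that CA is explicitly added as trusted. The CA names, the hostname and the helper functions are constructed for illustration, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example; CA names and hostname are constructed. Requires the openssl CLI.

# make_ca DIR NAME: create a throwaway self-signed CA (DIR/NAME.key, DIR/NAME.pem).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# issue_leaf DIR CA HOST: issue a server certificate for HOST signed by CA.
# This is the step a debugging proxy performs for each site it fronts.
issue_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -set_serial 1 -days 1 -out "$1/$3.pem" 2>/dev/null
}

# chains_to TRUSTFILE CERT: succeed only if CERT verifies against TRUSTFILE.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# demo: compare an unmodified client with one that trusts the proxy's CA.
demo() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir" client-trusted-ca &&
    make_ca "$dir" proxy-debug-ca &&
    issue_leaf "$dir" proxy-debug-ca www.example.test || return 1
    leaf="$dir/www.example.test.pem"
    if chains_to "$dir/client-trusted-ca.pem" "$leaf"; then
        echo "unmodified client: accepted"
    else
        echo "unmodified client: certificate warning"
    fi
    # Installing the proxy CA as a trust anchor is what silences the warning.
    cat "$dir/client-trusted-ca.pem" "$dir/proxy-debug-ca.pem" > "$dir/trust.pem"
    if chains_to "$dir/trust.pem" "$leaf"; then
        echo "client trusting proxy CA: accepted"
    else
        echo "client trusting proxy CA: certificate warning"
    fi
    rm -rf "$dir"
}

demo
```

An unexpected entry in a client's trusted-CA list therefore deserves the same scrutiny as a certificate warning, since it suppresses exactly that warning.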