On Mon, 2013-09-16 at 22:47 +0200, Kai Engert wrote:
> DetecTor is an open source project to implement client side SSL/TLS MITM
> detection, compromised CA detection and server impersonation detection,
> by making use of the Tor network.
The integration of transparent client side probing into the NSS SSL library code will take more time (and of course will trigger additional future discussion, whether it actually should be integrated at all, or how).

However, I've made progress regarding the server monitoring proposal. I've updated the sphere-probe utility to support continuous probing of services for unexpected certificates, and calling a user defined script for alerting. It's still an early version of the software and I'm looking for feedback and testing.

The tool could be used to monitor your own server for network level attacks, such as:
- an attacker being close to your server and intercepting requests to your server
- global DNS manipulation to redirect requests to a server controlled by an adversary.

The tool uses the existing Tor network for probing from multiple remote network locations (Tor exit nodes), and compares the certificate used by a server against a local list of one or multiple expected certificates.

The sphere-probe utility (beta) is based on NSS and is available for download from the http://detector.io project page. (Tested on Linux only, and you'll have to build it yourself; step by step instructions are available in the README.)

I'm looking forward to your feedback!

There's also a new mailing list available, for discussing the project. I'll do most future announcements and project updates on the new list.

Regards
Kai

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
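The monitoring idea described in the post (probe a server from a remote vantage point, compare the certificate it presents against a local list of expected certificates, call a script on mismatch) can be sketched in a few dozen lines. The following is an added example written for this page; it is not sphere-probe and not code from the DetecTor project or from Kai Engert. It assumes a local Tor SOCKS5 port at 127.0.0.1:9050 (the usual default), performs the SOCKS5 CONNECT with a domain-name address so that DNS resolution happens at the Tor exit rather than on the monitoring host, and expects SHA-256 fingerprints of the DER-encoded leaf certificate. The alert script path and the host/fingerprint arguments are placeholders supplied by the operator. Rotating exit nodes between probes (e.g. via the Tor control port or several Tor instances) is assumed to be handled outside this script.

```python
"""Added example, not the DetecTor/sphere-probe code: probe a TLS server through a
Tor SOCKS5 proxy and compare its leaf certificate against expected fingerprints."""
import hashlib
import socket
import ssl
import struct
import subprocess
import sys

DEFAULT_PROXY = ("127.0.0.1", 9050)  # assumption: a local Tor SOCKS port


def sha256_fingerprint(der_cert: bytes) -> str:
    """Colon-separated, upper-case hex SHA-256 of a DER-encoded certificate."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def socks5_connect_request(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT with ATYP=0x03 (domain name): the proxy/exit resolves the
    name, so a manipulated local DNS view cannot steer the probe."""
    name = host.encode("idna")
    if len(name) > 255:
        raise ValueError("hostname too long for SOCKS5")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed connection during handshake")
        buf += chunk
    return buf


def socks5_open(host: str, port: int, proxy=DEFAULT_PROXY, timeout=30.0) -> socket.socket:
    """Open a TCP stream to host:port via a SOCKS5 proxy (no-authentication method only)."""
    s = socket.create_connection(proxy, timeout=timeout)
    try:
        s.sendall(b"\x05\x01\x00")                 # version 5, one method: no auth
        if _recv_exact(s, 2) != b"\x05\x00":
            raise ConnectionError("SOCKS5 proxy refused the no-auth method")
        s.sendall(socks5_connect_request(host, port))
        ver, rep, _rsv, atyp = _recv_exact(s, 4)
        if ver != 5 or rep != 0:
            raise ConnectionError(f"SOCKS5 CONNECT failed, reply code {rep}")
        # Drain the bound-address field so the stream starts at the TLS bytes.
        if atyp == 1:
            _recv_exact(s, 4)
        elif atyp == 3:
            _recv_exact(s, _recv_exact(s, 1)[0])
        elif atyp == 4:
            _recv_exact(s, 16)
        _recv_exact(s, 2)                           # bound port
        return s
    except Exception:
        s.close()
        raise


def fetch_leaf_cert(host: str, port: int = 443, proxy=DEFAULT_PROXY) -> bytes:
    """TLS handshake over the proxied stream and return the DER leaf certificate.
    Verification is disabled on purpose: the goal is to record whatever
    certificate this network path presents, then judge it against the list."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with ctx.wrap_socket(socks5_open(host, port, proxy), server_hostname=host) as tls:
        return tls.getpeercert(binary_form=True)


def evaluate(der_cert: bytes, expected_fingerprints):
    """Return (ok, fingerprint); ok is True iff the certificate is one we expect."""
    fp = sha256_fingerprint(der_cert)
    expected = {e.strip().upper() for e in expected_fingerprints}
    return fp in expected, fp


def probe_once(host, expected_fingerprints, alert_script=None, port=443, proxy=DEFAULT_PROXY):
    """One probe; on an unexpected certificate, run the operator's alert script
    with host, port and observed fingerprint as arguments."""
    ok, fp = evaluate(fetch_leaf_cert(host, port, proxy), expected_fingerprints)
    if not ok and alert_script:
        subprocess.run([alert_script, host, str(port), fp], check=False)
    return ok, fp


if __name__ == "__main__":
    # usage: script.py HOST ALERT_SCRIPT FINGERPRINT [FINGERPRINT ...]
    host, alert, *fps = sys.argv[1:]
    ok, fp = probe_once(host, fps, alert_script=alert)
    print(("OK  " if ok else "MISMATCH ") + host + " " + fp)
```

Run it periodically (cron or a loop) against your own hostname with the fingerprint(s) of the certificates you actually deploy; a mismatch means some path through the Tor network reached a server presenting a certificate you did not issue, which is exactly the interception or DNS-redirection case the post describes. Because the probe disables verification, the fingerprint list, not the CA store, is the security decision here.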