aduchesne writes: > After a bit of further digging, Locksmith is a program to decrypt SSL. > > SSL LOCKSMITH > > http://www.scribd.com/doc/162984271/SSL-Locksmith > > How LOCKSMITH SSL MITM Admin in house attack actually works: (Encrypted PDF) > > http://ad-misc.s3.amazonaws.com/aduc12_cyber-security_08_product-unveiling-ssl-locksmith.pdf
According to these slides the target needs to install the MITM certificate authority in their browser (see page 14). This is exactly the same design as _many_ intercepting proxy firewalls. -- Seth Schoen <[email protected]> Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
