How to detect an SSL Man-in-the-middle attack


Hi Lyuba,

This week’s paper by Facebook Research is a bit dated (2014), as you also feel when reading through it (it uses Flash Player as research ground), but nevertheless I learned quite a bit about how to perform and also detect an SSL man-in-the-middle attack. In comparison to other approaches, the researcher in this paper was able to detect malicious SSL certificates without adding additional software to the browser. (TIL: Flash supported raw sockets.)

A nice start into the world of SSL security, and despite its age I consider this a great article and a worthy read.


The SSL man-in-the-middle attack uses forged SSL certificates to intercept encrypted connections between clients and servers. However, due to a lack of reliable indicators, it is still unclear how commonplace these attacks occur in the wild. In this work, we have designed and implemented a method to detect the occurrence of SSL man-in-the-middle attack on a top global website, Facebook. Over 3 million real-world SSL connections to this website were analyzed. Our results indicate that 0.2% of the SSL connections analyzed were tampered with forged SSL certificates, most of them related to antivirus software and corporate-scale content filters. We have also identified some SSL connections intercepted by malware. Limitations of the method and possible defenses to such attacks are also discussed.
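
The server-side half of a check like the one the abstract describes, as an added example that is not code from the paper or from this post: it compares the certificate each client reports having been served against the fingerprints the site really uses and tallies mismatches by issuer. The report format, field names and all sample values are constructed assumptions.

```python
import hashlib

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint (hex) of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

# Constructed stand-ins for DER bytes; these are not real certificates.
LEGIT_LEAF = b"constructed-legit-leaf"
KNOWN_GOOD = {fingerprint(LEGIT_LEAF)}  # fingerprints the site really serves

# Constructed client reports (hypothetical format): the leaf certificate the
# client saw, plus the issuer organization extracted from it.
REPORTS = [
    {"conn": 1, "leaf_der": LEGIT_LEAF, "issuer_org": "Example Public CA"},
    {"conn": 2, "leaf_der": LEGIT_LEAF, "issuer_org": "Example Public CA"},
    {"conn": 3, "leaf_der": b"constructed-av-leaf",
     "issuer_org": "Example Antivirus"},
    {"conn": 4, "leaf_der": b"", "issuer_org": ""},  # truncated report
    {"conn": 5, "leaf_der": b"constructed-filter-leaf",
     "issuer_org": "Example Content Filter"},
    {"conn": 6, "leaf_der": LEGIT_LEAF, "issuer_org": "Example Public CA"},
]

def analyze(reports, known_good):
    """Flag connections whose reported leaf is not one the site serves."""
    usable, forged, by_issuer = 0, [], {}
    for r in reports:
        der = r.get("leaf_der")
        if not der:
            continue  # empty or malformed report: cannot be classified
        usable += 1
        if fingerprint(der) in known_good:
            continue  # client saw the genuine certificate
        forged.append(r["conn"])
        org = r.get("issuer_org") or "(unknown)"
        by_issuer[org] = by_issuer.get(org, 0) + 1
    rate = len(forged) / usable if usable else 0.0
    return {"usable": usable, "forged": forged,
            "rate": rate, "by_issuer": by_issuer}

if __name__ == "__main__":
    print(analyze(REPORTS, KNOWN_GOOD))
```

A mismatch only shows that the connection was intercepted; as the abstract notes, most forged certificates traced back to antivirus software and content filters, so the issuer tally is what separates those from the rest.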


If you have any paper recommendations for me, please do not hesitate to approach me via [email protected] (please keep the Backend & DevOps topic focus in mind).

With much love,

Simon Frey
