Publication Details

SSL/TLS Interception Workshop

PLUSKAL Jan and VESELÝ Vladimír. SSL/TLS Interception Workshop. Praha, 2019.
Czech title
Workshop na analýzu obsahu SSL/TLS
Type
audiovisual production
Language
english
Authors
Pluskal Jan, Ing., Ph.D. (DIFS FIT BUT)
Veselý Vladimír, Ing., Ph.D. (DIFS FIT BUT)
Keywords

SSL, TLS, MitmM

Abstract

The presentation introduces methods for intercepting TLS/SSL connections. The focus is on man-in-middle attack employing TLS/SSL proxy and other ways how to obtain session's private keys. Speakers will outline necessary theory (including the history of SSL/TLS framework design), well-known attacks (including OpenSSL Hearthbleed, Logjam or BEAST) and industry standard tools (such as Wireshark, NetFox Detective, Fiddler Proxy and SSL-Split). The session will also include a live demonstration of MitM attack on HTTPS connections enhanced with form-logging JavaScript injection. Participants will receive free of charge access to test-bed, which consists of real devices (and their traffic) including the prototype of our hardware probe decrypting SSL/TLS on-the-fly.

Published
2019
Pages
60
Place
Praha, CZ
Back to top