HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 30 guests online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Web Applicationsarrow Defending against MITM attack
EH-Net
May 18, 2013, 07:17:23 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Defending against MITM attack  (Read 9268 times)
0 Members and 1 Guest are viewing this topic.
exus69
Newbie
*
Offline Offline

Posts: 1


View Profile
« on: April 21, 2011, 02:58:07 AM »
If I use the latest version of Firefox with "HTTPS Everywhere" addon and if the sites that I visit provide HTTPS will I be still vulnerable to any MITM attack like sslstrip from my LAN??

Awaiting your replies.
Logged
cd1zz
Hero Member
*****
Offline Offline

Posts: 561


View Profile WWW
« Reply #1 on: April 21, 2011, 09:24:51 AM »
I believe that plugin only works on certain sites. I think that plugin just does what you should be doing anyways, and that is typing https into the browser instead of http and dealing with a redirect to https.

Its a good start but there are still many other known vulns for sslv3 and tls. Also, pay attention to your browser warnings.
Logged
OSCE | OSCP | GXPN | OSWP | CISSP
http://www.pwnag3.com
http://www.networkadminsecrets.com
tople
Newbie
*
Offline Offline

Posts: 1


View Profile
« Reply #2 on: August 28, 2011, 11:38:17 PM »
HTTPS Everywhere 1.0.1 is the latest release for FireFox, It includes 1000s of new web sites. But still one can be vulnerable to Man - in - the - middle attacks. Right now is difficult to rely completely on this plugin. However it is still recommended to use browser carefully and keep a eye on the messages or warning generated by the browser. These may help to get rid of attacks.
Logged
mambru
Jr. Member
**
Offline Offline

Posts: 98


View Profile
« Reply #3 on: August 29, 2011, 09:42:51 AM »
Like cd1zz, the plugin only makes you use https instead of http (for a bunch of sites). You're still vulnerable to MITM attacks, you still need to be careful about warning messages indicating mismatches between the sites and the certificates.
Logged
Susantorres
Newbie
*
Offline Offline

Posts: 1


View Profile
« Reply #4 on: September 02, 2011, 01:50:25 AM »
We can use protocols which includes a form of endpoint authentication specifically to prevent MITM attacks. this is the best solution for MITM attacks.
Logged
IT Security | IT Security Companies
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.568 seconds with 22 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.