I tried to learn the indpeth operations of the ssl stripping,but i got strucked at a point,so tought of asking here,
As far as i have learnt First attacker capturing or listening the victims traffic with arp spoofing/arp poisoning(in most cases) and applys ssl stripping and decode the traffic and passing it back as a "http" traffic to the victim ,this is how i assume ssl stripping works,
1)like the same way can we strip out a ssh or any kind of encrypted traffic?
2)if suppose a victim is using multiple encryptions means what will happen?
for example say a victim is using a vpn,inside the vpn he is using some ssh tunneling to access the g-mail account,so now at this stage 3 layers of encryptions are there
i.e ssl for vpn,ssh encryption,another ssl for g-mail,now at this junction is it possible for a attacker to strip out these multiple encryptions?
3)Also why not the ssl encryption developers are not developing a technology that can verify data integrity like the IP-SEC standards? why they are merely developing some complex algorithms and focusing more and more on increasing the strength on the encryption,why they are not focusing any thing on data integrity?
4)i have been thinking about some LAW enforcement level ssl decryption after i seen the following device
what makes me amuzed was,there are class of hackers just strip the ssl and access the plain text,this is the most come scenarios we are seeing in the real world,but there exists another side,which is being missed by most of the professionals,the law enforcement guys are using like this
victim aka bad guy ------->ssl stripping by law enforcement( and after decryption ,they have been re-encrypting the traffic because they have valid digital certificates from the COA's all over the world)--------------->
even tough we don't have a root certificate , As a pen-tester is it possiblefor us to do like the above?
Because i don't want my victim to know that i am stripping his traffic,that is the main thing i am willing to learn..
hope i will get my doubts cleared...