.

Defending against MITM attack

<<

exus69

Newbie
Newbie

Posts: 1

Joined: Mon Mar 16, 2009 6:09 am

Post Thu Apr 21, 2011 2:58 am

Defending against MITM attack

If I use the latest version of Firefox with "HTTPS Everywhere" addon and if the sites that I visit provide HTTPS will I be still vulnerable to any MITM attack like sslstrip from my LAN??

Awaiting your replies.
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Thu Apr 21, 2011 9:24 am

Re: Defending against MITM attack

I believe that plugin only works on certain sites. I think that plugin just does what you should be doing anyways, and that is typing https into the browser instead of http and dealing with a redirect to https.

Its a good start but there are still many other known vulns for sslv3 and tls. Also, pay attention to your browser warnings.
<<

tople

Newbie
Newbie

Posts: 1

Joined: Sun Aug 28, 2011 11:14 pm

Post Sun Aug 28, 2011 11:38 pm

Re: Defending against MITM attack

HTTPS Everywhere 1.0.1 is the latest release for FireFox, It includes 1000s of new web sites. But still one can be vulnerable to Man - in - the - middle attacks. Right now is difficult to rely completely on this plugin. However it is still recommended to use browser carefully and keep a eye on the messages or warning generated by the browser. These may help to get rid of attacks.
<<

mambru

Jr. Member
Jr. Member

Posts: 98

Joined: Wed Jun 03, 2009 3:11 pm

Post Mon Aug 29, 2011 9:42 am

Re: Defending against MITM attack

Like cd1zz, the plugin only makes you use https instead of http (for a bunch of sites). You're still vulnerable to MITM attacks, you still need to be careful about warning messages indicating mismatches between the sites and the certificates.
<<

Susantorres

Newbie
Newbie

Posts: 1

Joined: Fri Sep 02, 2011 12:17 am

Location: 23306 Three Notch Rd California, MD 20619

Post Fri Sep 02, 2011 1:50 am

Re: Defending against MITM attack

We can use protocols which includes a form of endpoint authentication specifically to prevent MITM attacks. this is the best solution for MITM attacks.

Return to Web Applications

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software