Tag Archives: ssl


October 15, 2014

By Norman Yue (LinkedIn)

Those of you paying attention to mailing lists early last night may have noticed a curious email come through regarding a “Truly scary” SSL 3.0 vulnerability about to drop – and drop it did today.

The vulnerability, known as POODLE, allows an attacker who holds a man-in-the-middle position and can modify traffic to decipher parts of the plaintext, such as session cookies. The really scary part (imo) is on page 3 of the whitepaper:

The expected overall effort is 256 SSL 3.0 requests per byte.

This is amazingly low, meaning that depending on the circumstances of exploitation, your typical web app session cookie can be broken in minutes.

HOW TO: Intercept iPhone and iPad SSL connections that require a valid SSL certificate

September 11, 2012

With the rising popularity of iPhone and iPad devices, we are running into more and more applications which require a valid SSL certificate for all connections. In order to properly assess the security of these applications, we need to intercept the SSL connections they make. This post shows our technique for doing this.

Please note that this is not a vulnerability in iOS, and that everything is working as intended. This is the method we use for intercepting SSL connections made by iOS applications, and it assumes you’re already able to forward such connections (using pf, iptables, or something similar) to your machine. It also assumes that you will be using the Burp Suite proxy.

1. Firstly, set up a working directory. This blog post assumes you’re working with the following directory structure:

mkdir ~/iosssl
cd ~/iosssl
mkdir {conf,certs,private,newcerts}
echo 01 > serial
touch index.txt

2. Then, copy your “openssl.cnf” file from somewhere in “/etc” into “conf/caconfig.cnf”.

The location of your “openssl.cnf” file may vary; “find /etc | grep openssl.cnf” may help.

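# Copy the system openssl.cnf into the working directory as conf/caconfig.cnf (adjust the source path to match your system)
cp /etc/pki/tls/openssl.cnf ~/iosssl/conf/caconfig.cnf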
