Time
5 minutes
Difficulty
Intermediate

Video Transcription

00:05
Hello, everyone, and welcome back to Breaking Stuff with Joe. I, as always, am your eponymous host, Joe Perry, the director of research here at Cybrary. And today I'm gonna be telling you all about the SSL client auditing tool, SSLCaudit. Pretty directly named, pretty straightforward and overt. The SSLCaudit tool
00:24
is a very simple, straightforward utility that allows you to determine whether a given SSL or TLS client
00:30
is vulnerable to man-in-the-middle attacks against SSL. Since we're talking about man in the middle, a man-in-the-middle tool, we're gonna spend a little bit of this video just discussing the concept of man in the middle. In a previous video, we talked about the concept of supply chain interdiction. Man in the middle is sort of along those same general concepts and veins.
00:47
But there are some serious distinctions, some important facts, that we're gonna cover in this video.
00:52
So over the course of the next eight minutes or so, we're gonna learn what a man-in-the-middle attack is and how it works. We're gonna learn to launch SSLCaudit, and very, very quickly and easily, because it's a very straightforward tool, we're actually going to connect to that audit, and we're going to make use of it to perform an actual SSL audit and determine
01:10
if a given client is or is not vulnerable
01:12
to this attack. So stay tuned. Only gonna take about eight minutes, and by the end of it, you're gonna know how to use SSLCaudit to break stuff every day.
01:25
And as usual, we're back in our trusty Kali VM.
01:27
And before we actually jump into talking about the SSLCaudit tool, I want to take a second and discuss what this is actually for. I mentioned in the intro that we're gonna get to talk about man-in-the-middle attacks, and that's exactly what this is. The idea is that what we're looking for is a susceptibility to this specific attack, a weakness in their SSL certs or in their SSL implementation
01:46
that makes it possible to enter, to
01:49
interject our own traffic and somehow interdict the
01:52
proper running, the proper activity, of a given system. So a man-in-the-middle attack, to put it very simply, is when there is a server and a host, and they're communicating to one another. If you can insert yourself in the middle of that traffic, you gain the ability to see sensitive data, the ability to modify data en route,
02:08
or even the ability to just shut down communications at will,
02:13
or even very selectively prevent specific
02:15
communications from happening. So it might be that you're totally okay to watch videos on YouTube all day, and the man-in-the-middle attack won't do anything. But if you try to access your bank account, then it's going to kill your connection. Or then it might, you know, trap and capture that data and use that for identity theft or a similar attack in the future. So man in the middle, very simply, is just putting yourself in the middle
02:36
so that you have access to the traffic from both the server and the host, or server and the client,
02:40
in order to determine what actions you might be able to take next, and to potentially intervene in that traffic.
02:46
So that's what man in the middle is. In order to test for that, in order to determine whether we're susceptible to that, we want to use tools like SSLCaudit. SSL is the secure socket layer. It's the sort of secondary protocol on top of which HTTP can run to create HTTPS. It's essentially just adding security to the communication method,
03:06
and the way we're able to audit that is very simply by standing up a web server using the SSLCaudit tool and connecting to it and seeing what we get back.
03:15
So we're gonna run SSLCaudit.
03:17
We're gonna spell it right. We're going to give the listening address. In this case, we're just gonna do our localhost
03:24
on port 443, because that is the port on which HTTPS operates.
03:30
Tack L (-l). And then we'll do tack V one (-v 1). This is to increase the verbosity of the tool, just so that it will give you more detailed, informative outputs. There are two options here on one. I generally set it to one, which is as verbose as that tool.
03:42
So we'll go ahead and hit return
03:44
and you can see that it gave us a filebag location, and it's blinking, and everything's just kind of sitting still right now. The reason for that is it's awaiting a connection to this address.
03:53
So we're gonna minimize this real fast. We're gonna open a Firefox browser
03:58
and you could see that I already have it up. We'll go ahead and refresh,
04:01
and we're gonna get a secure connection failure. So that's good news for us. It means that for some reason this security did not do what it was supposed to do.
04:12
Let's make sure we check it with both HTTPS and specifying the port that we're after.
04:18
There we are. So you can see the connection is breaking down. It just doesn't seem to be working. That's actually, believe it or not, good news for us. And jump back in here. You can see that this SSLCaudit is spitting out a bunch of... That's great news. That means that the attack that it is using against our browser is unsuccessful,
04:35
and so we're at least not vulnerable to this specific tool and the specific attack.
04:40
It's one of those cases where getting a bad result, getting errors back, is actually a sign of good news.
04:46
So that's all there is to it. That's all there is to SSLCaudit. We talked about the concepts of man in the middle, talked about how to actually use this, and I showed you what it looks like to connect to it and determine whether or not you're vulnerable to this attack. It is worth noting that SSLCaudit is an older tool. It's not as heavily maintained as a lot of the tools on Kali,
05:04
But I still love to use it because it's capable of
05:08
doing tests against a lot of older SSL implementations very easily. So one of the things that I talk about often in these videos is when you're doing the security audit of an enterprise, of any large organization, you're gonna find old machines. They might be XP boxes that someone left running in a corner, gathering dust.
05:25
They might even be a little bit more modern than that, but still old enough that very old vulnerabilities
05:30
can be found on them and exploited to gain access. And SSLCaudit is one of those tools that you're gonna be able to use to very quickly determine: is there susceptibility here? Can I inject myself in this traffic and use it as a foothold to move further against my target?
05:43
That's all there is to it. That's the end of this video. Thank you all for watching. We hope to see you back next time on Breaking Stuff with Joe on Cybrary.

How to use SSLCaudit (BSWJ)

Enter SSLCaudit. SSLCaudit is an automated tool for testing SSL/TLS connections' vulnerability to MitM attacks. Though it's not the newest tool in a security practitioner's arsenal, it remains a useful and valuable method of ensuring your HTTP security measures aren't themselves vulnerable to attack.

Instructed By

Joe Perry
Senior Technical Instructor at FireEye, Inc