Hello, everyone, and welcome back to Breaking Stuff with Joe. I, as always, am your eponymous host, Joe Perry, the Director of Research here at Cybrary. And today I'm gonna be telling you all about the SSL client auditing tool, sslcaudit. Pretty directly named, pretty straightforward and overt. The sslcaudit tool is a very simple, straightforward utility that allows you to determine whether a given SSL or TLS client is vulnerable to man-in-the-middle attacks against SSL.

Since we're talking about a man-in-the-middle tool, we're gonna spend a little bit of this video just discussing the concept of man in the middle. In a previous video, we talked about the concept of supply chain interdiction. Man in the middle is sort of along those same general concepts and veins. But there are some serious distinctions, some important facts that we're gonna cover in this video.

So over the course of the next eight minutes or so, we're gonna learn what a man-in-the-middle attack is and how it works. We're gonna learn to launch sslcaudit, very, very quickly and easily, because it's a very straightforward tool. We're actually going to connect to that audit, and we're going to make use of it to perform an actual SSL audit and determine if a given client is or is not vulnerable to this attack. So stay tuned. It's only gonna take about eight minutes, and by the end of it, you're gonna know how to use the sslcaudit tool to break stuff every day.
And as usual, we're back in our trusty Kali VM.

And before we actually jump into talking about the sslcaudit tool, I want to take a second and discuss what this is actually for. I mentioned in the intro that we're gonna get to talk about man-in-the-middle attacks, and that's exactly what this is. The idea is that what we're looking for is a susceptibility to this specific attack, a weakness in their SSL certs or in their SSL implementation that makes it possible to interject our own traffic and somehow interdict the proper running, the proper activity of a given system.

So a man-in-the-middle attack, put very simply, is when there is a server and a host, and they're communicating with one another. If you can insert yourself in the middle of that traffic, you gain the ability to see sensitive data, the ability to modify data en route, or even the ability to just shut down communications at will, or even very selectively prevent specific communications from happening. So it might be that you're totally okay to watch videos on YouTube all day, and the man-in-the-middle attack won't do anything. But if you try to access your bank account, then it's going to kill your connection. Or then it might, you know, trap and capture that data and use that for identity theft or a similar attack in the future.

So man in the middle, very simply, is just putting yourself in the middle so that you have access to the traffic from both the server and the host, or server and the client, in order to determine what actions you might be able to take next, and to potentially intervene in that traffic.
So that's what man in the middle is. In order to test for that, in order to determine whether we're susceptible to that, we want to use tools like sslcaudit. SSL is the secure socket layer. It's the sort of secondary protocol on top of which HTTP can run to create HTTPS. It's essentially just adding security to the communication method, and the way we're able to audit that is very simply by standing up a web server using the sslcaudit tool, connecting to it, and seeing what we get back.
So we're gonna run sslcaudit. We're gonna spell it right. We're going to give the listening address with -l. In this case, we're just gonna do our localhost on port 443, because that is the port on which HTTPS operates. And then we'll do -v 1. This is to increase the verbosity of the tool, just so that it will give you more detailed, informative output. There are two options here; I generally set it to one, which is as verbose as that tool gets.

So we'll go ahead and hit return, and you can see that it gave us a filebag location, and it's blinking, and everything's just kind of sitting still right now. The reason for that is it's awaiting a connection to this address.
So we're gonna minimize this real fast. We're gonna open a Firefox browser, and you can see that I already have it up. We'll go ahead and refresh, and we're gonna get a secure connection failure. So that's good news for us. It means that for some reason this security did not do what it was supposed to do.

Let's make sure we check it with both HTTPS and specifying the port that we're after. There we are. So you can see the connection is breaking down. It just doesn't seem to be working. That's actually, believe it or not, good news for us. And if we jump back in here, you can see that this sslcaudit is spitting out a bunch of... That's great news. That means that the attack that it is using against our browser is unsuccessful, and so we're at least not vulnerable to this specific tool and this specific attack.

It's one of those cases where getting a bad result, getting errors back, is actually a sign of good news.
So that's all there is to it. That's all there is to sslcaudit. We talked about the concepts of man in the middle, talked about how to actually use this, and I showed you what it looks like to connect to it and determine whether or not you're vulnerable to this attack.

It is worth noting that sslcaudit is an older tool. It's not as heavily maintained as a lot of the tools on Kali, but I still love to use it because it's capable of doing tests against a lot of older SSL implementations very easily. So one of the things that I talk about often in these videos is, when you're doing the security audit of an enterprise, of any large organization, you're gonna find old machines. They might be XP boxes that someone left running in a corner gathering dust. They might even be a little bit more modern than that, but still old enough that very old vulnerabilities can be found on them and exploited to gain access. And sslcaudit is one of those tools that you're gonna be able to use to very quickly determine: is there susceptibility here? Can I inject myself in this traffic and use it as a foothold to move further against my target?
That's all there is to it. That's the end of this video. Thank you all for watching. We hope to see you back next time on Breaking Stuff with Joe on Cybrary.