InGuardians Co-Founder Jay Beale spoke about a cutting-edge new man-in-the-middle tool, The Middler, at Def Con 16.

The Middler allows an attacker with no web application hacking experience to launch attacks that previously required substantial time and skill. The Middler allows an attacker to:

  • Clone users' sessions in any application that uses cleartext HTTP, even after authenticating over HTTPS.
  • Trojan application installation on jailbroken iPhones, as well as a large number of software installation and self-update
  • Replace HTTPS links with HTTP links before serving them to the victim, while making sure to submit the user's data to the server over SSL.
  • Automatically redirect the victim's browsing to Metasploit client-side exploits.
  • Automatically gather and change the victim's private data in a web application, quickly and without input from the attacker.

Jay will release the tool soon. Check back here often for a pre-release. In the meantime, here are the talk slides.


Copyright © 2008 InGuardians, Inc.