Result Details

SSL/TLS Interception Workshop (TLS1.3 edition)

PLUSKAL, J.; VESELÝ, V. SSL/TLS Interception Workshop (TLS1.3 edition). Kuala Lumpur: 2019. 60 p.

Type

audiovisual work

Language

English

Authors

Pluskal Jan, Ing., Ph.D., DIFS (FIT)
Veselý Vladimír, Ing., Ph.D., DIFS (FIT)

Abstract

The presentation introduces methods for intercepting TLS/SSL connections. The focus is on man-in-the-middle attack employing proxy and other ways how to obtain unencrypted content of the TLS/SSL session. Speakers outline necessary theory (including news about TLS 1.3), well-known attacks (e.g., renegotiation, downgrade, cipherspec change, and others) and industry-standard tools (such as Wireshark, NetFox Detective, Fiddler Proxy and SSL-Split). The session also includes a live demonstration of the MitM attack on HTTPS connections enhanced with form-logging JavaScript injection. Participants will receive free of charge access to the testbed, which consists of real devices (and their traffic), including the prototype of our hardware probe decrypting SSL/TLS on-the-fly.

Keywords

SSL, TLS, MitmM

Published

2019

Pages

Place

Kuala Lumpur

BibTeX

@misc{BUT161871,
  author="Jan {Pluskal} and Vladimír {Veselý}",
  title="SSL/TLS Interception Workshop (TLS1.3 edition)",
  year="2019",
  pages="60",
  address="Kuala Lumpur",
  url="https://www.fit.vut.cz/research/publication/12145/",
  note="Audiovisual work"
}

Files

pdf veselyv_issasie2019-tlsssl.title.pdf 184 kB

Projects

Integrated platform for analysis of digital data from security incidents, MV, Bezpečnostní výzkum České republiky 2015-2020, VI20172020062, start: 2017-01-01, end: 2020-06-30, completed

Research groups

NES@FIT - Networks and distributed systems research group (RG NES@FIT)

Departments

Department of Information Systems (DIFS)