Unit 8: Man-In-The-Middle Attacks and Mitigations 8.1 Man-In-The-Middle Attacks and Mitigations ARP ...

mac2022-06-30  27

>> Continuing our story, it gets real interesting now because the web server will send its digital certificate back to the client. The digital certificate contains the public key of Citibank signed with the encrypted hash of the certificate authority. The man in the middle doesn't want to send this certificate back to host A because then host A will encrypt a symmetric key with the public key of Citibank, and the man in the middle won't be able to do anything more at that point. So now, the hacker program replaces the real certificate from the Web server with a fake, self-signed certificate and sends it along to Host A.

At this point, there will be a warning in the browser of host A explaining that there is a problem with the certificate. It's not trusted. Proceed at your own risk. When an average computer user sees this message, that person might raise an eyebrow but will more than likely authorize the certificate and click through this warning.

When that happens, host A's symmetric key is now encrypted with the public key of the man in the middle. Then, host A sends the traffic to the destination IP of the web server and the destination MAC of host C as before. Host C now decrypts the symmetric key with its private key. Then, host C comes up with its own symmetric key, and encrypts that with the public key of Citibank, and sends that to the Citibank web server. The Citibank web server decrypts the symmetric key sent by host C with its private key. At this point in time, host A and host C share a symmetric key for encrypting and decrypting messages between themselves. Host C and the Citibank web server share a different symmetric key for encrypting and decrypting between themselves.

Now, when host A logs into the Citibank web server with a username and password, those credentials are encrypted inside the SSL/TLS message with the shared symmetric key. Shared between the victim and man in the middle, that is. As soon as host A clicks the button to log in and pass through credentials, they go right to the hacker who decrypts them. The hacker now has the username and password for the victim's Citibank account. To keep the ruse going, the hacker now takes those credentials and re-encrypts them using the symmetric key that host C and the web server are sharing. The web server gets the credentials, authenticates the client, sending the return traffic to the attacker, who simply relays it back to the client, host A. From host A's perspective, it's the real Citibank page and everything looks normal. Host A doesn't know the credentials have been compromised. Host A doesn't know all traffic is going through the man in the middle. The web server has no idea, either. Oy vey.
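
The interception described in the transcript succeeds only because the user on host A clicks through the certificate warning. As an added example (not part of the lecture), this Python client removes that choice: default verification rejects a self-signed substitute, and a SHA-256 pin check rejects any certificate other than the expected one. The names `connect_pinned` and `pin_matches` and the sample byte strings are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned_hex: str) -> bool:
    """Compare the presented certificate with the pin in constant time."""
    normalized = pinned_hex.replace(":", "").strip().lower()
    return hmac.compare_digest(fingerprint(der_cert), normalized)


def connect_pinned(host: str, pinned_hex: str, port: int = 443,
                   timeout: float = 5.0) -> str:
    """Handshake that fails closed; returns the negotiated TLS version."""
    ctx = ssl.create_default_context()  # CA chain and hostname checks stay on
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # A self-signed substitute raises ssl.SSLCertVerificationError here.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not der or not pin_matches(der, pinned_hex):
                raise ssl.SSLError("certificate does not match the pin")
            return tls.version()


# Constructed stand-ins for DER bytes (not real certificates).
REAL_CERT = b"constructed: certificate the web server really sent"
FAKE_CERT = b"constructed: self-signed certificate substituted by host C"
PIN = fingerprint(REAL_CERT)  # recorded out of band, before any interception

if __name__ == "__main__":
    print("real cert accepted:", pin_matches(REAL_CERT, PIN))
    print("substitute accepted:", pin_matches(FAKE_CERT, PIN))
```

The pin has to be obtained over a channel the man in the middle does not control, and it must be updated when the server rotates its certificate.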

Reposted from: https://www.cnblogs.com/sec875/articles/10049543.html
