• secure socket layer;
  • man in the middle attacks;
  • certificates


Attacks have been targeting secure socket layer (SSL) from the time it was created especially because of its utmost importance in securing Web transactions. These attacks are either attacks exploiting vulnerabilities in the SSL protocol itself, or attacks exploiting vulnerabilities in the services that SSL uses, such as certificates and web browsers. While the attacks on SSL itself have been successful, at least in the context of academics or other research, attacks on the services that SSL uses have been successfully exploited in an actual commercial setting; the fact that makes these kinds of attacks extremely dangerous. In this paper, we give a brief overview of the attacks conducted on the implementation of SSL and we analyze in more details the recent attacks that exploit the services SSL uses. Most of these attacks are considered Man in the Middle (MitM) attacks. In particular, we explore the most recent five attacks targeting SSL: SSL sniffing, MD5 collide certificate, SSL striping, SSL Null prefix and online certificate status protocol (OCSP) attack. We discuss the origins of each attack and explain the typical environment that allows for such attacks to occur. We then highlight the implementation phase where we implemented some of the attacks and were able to catch logins, passwords, and any data transmitted between two parties. In addition, we implemented using, Java, our own parsers and decoders to extract the useful data from the captured files and decode them if needed. Since most of the discussed attacks target browsers and the way they manage certificates, we conducted an extensive evaluation on the rate of success of the SSL attacks when various browsers are used. The browsers that were considered are Internet explorer (IE), Mozilla Firefox, Opera, Safari, and Chrome. The alarming results show that all analyzed attacks except for SSL Sniffing can be performed on almost all browsers. Copyright © 2011 John Wiley & Sons, Ltd.