Asfws2014 tproxy
14
Applicaon Security Forum - 2014 Western Switzerland 05-66 November 2014 - Y-Parc / Yverdon-les-Bains hp://www.appsec-forum.ch TProxy Transparent interception of TCP traffic Bertrand Mesot & Sylvain Heiniger Objecf Sécurité SA
-
Upload
application-security-forum-western-switzerland -
Category
Technology
-
view
344 -
download
0
description
s
Transcript of Asfws2014 tproxy
Application Security Forum - 2014Western Switzerland
05-66 November 2014 - Y-Parc / Yverdon-les-Bainshttp://www.appsec-forum.ch
TProxyTransparent interception of TCP traffic
Bertrand Mesot & Sylvain HeinigerObjectif Sécurité SA
A work in progress
2
What we try to achieve
3
Get in the middle
4
Bridging– Physical access to cables
– Beware of 802.1x security
ARP spoofing
Redirect traffic towards TProxy
5
iptables -t mangle -A PREROUTING
-p tcp --dport 80 -j TPROXY --on-port 9080
--tproxy-mark 0x1/0x1
TProxy: intercepted connections
6
TProxy internals
7
TProxy: intercepted messages
8
TProxy: message editors
9
Hexadecimal
Wireshark dissection
RDP downgrade attack
10
0x03 → 128-bit RC4 0x01 → 40-bit RC4
TProxy: SSL/TLS
11
Tools, languages & toolkits
13
Tools
Languages
Toolkits
Merci/Thank you!
Contact:[email protected]://www.objectif-securite.chSlides:
http://slideshare.net/ASF-WS/presentations
14
