0

I need to compare TLS and SSL for an essay, and I thought a good way to do this would be to emulate a man-in-the-middle attack; however, I have no clue how to do it.

Nikhil_CV
  • Related: [How to “demonstrate” man-in-the-middle attack?](http://security.stackexchange.com/questions/31653/how-to-demonstrate-man-in-the-middle-attack?rq=1) – Nikhil_CV Sep 29 '15 at 18:47
  • So you plan to analyze the byte streams of the connections to compare the protocols? You might do better just comparing the specs. – Neil Smithline Sep 29 '15 at 19:25
  • Not sure what you require. Why do you need to compare the 2 by emulating an MitM? How's MitM going to help you compare the 2? If your question is about how to SSL MitM, then there are plenty of resources out there to help you. – user1720897 Oct 01 '15 at 03:40

3 Answers

1

That doesn't make much sense. You are asking an XY problem.

First of all, TLS is just a new set of the SSL specification:

  • TLS 1.0 would be SSL 3.1
  • TLS 1.1 would be SSL 3.2
  • TLS 1.2 would be SSL 3.3

The name change was due to politics, and has caused a lot of confusion since (e.g. users enabling only SSL 3, thinking it's the latest version, while it's the oldest).

So you first need to decide what to compare. SSL 3 vs TLS 1.0? Against TLS 1.2?

You would probably concentrate on the differences between SSL 3.0 and TLS 1.0, and then you could also state some improvements of the newer TLS versions if you wish.

Ángel
  • There is a TLS 1.3? I thought 1.2 was the newest oh well...I want to compare SSL 3.0 with TLS 1.9, apologies for not stating earlier – Harold Lee Oct 01 '15 at 09:48
  • Oops, sorry. I must have mixed the numbers when matching the versions with what they would have if they had kept the SSL name, @HaroldLee. There _is_ a TLS 1.3, but it is just a [draft](https://tlswg.github.io/tls13-spec/). I have edited the post. – Ángel Oct 05 '15 at 21:31
  • Hahaha, I meant TLS 1.0, not 1.9, lol, didn't see that typo – Harold Lee Oct 06 '15 at 01:51
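
Added example, not part of the answer above: the version mapping in that list is visible on the wire, because every SSL/TLS record and every ClientHello carries a two-byte (major, minor) version, and SSL 3.0 through TLS 1.2 all use major version 3. This Python sketch reads both fields from a constructed ClientHello; the function names and the sample bytes are assumptions made for illustration.

```python
import struct

# Wire version (major, minor) -> protocol name, as in the list above.
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

HANDSHAKE = 22      # record content type for handshake messages
CLIENT_HELLO = 1    # handshake message type


def version_name(major, minor):
    return VERSIONS.get((major, minor), f"unknown ({major}.{minor})")


def parse_client_hello_versions(record):
    """Return (record-layer version, ClientHello client_version) as names."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, rmaj, rmin, rlen = struct.unpack("!BBBH", record[:5])
    if ctype != HANDSHAKE:
        raise ValueError("not a handshake record")
    body = record[5:5 + rlen]
    # Need the full record and at least type(1) + length(3) + version(2).
    if len(body) != rlen or rlen < 6:
        raise ValueError("truncated handshake record")
    if body[0] != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    return version_name(rmaj, rmin), version_name(body[4], body[5])


def build_sample(record_ver, client_ver):
    """Constructed minimal ClientHello (all-zero random, one cipher suite)."""
    hello = (bytes(client_ver) + bytes(32)      # client_version, random
             + b"\x00"                          # empty session_id
             + b"\x00\x02\x00\x2f"              # one cipher suite
             + b"\x01\x00")                     # null compression only
    handshake = bytes([CLIENT_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BBBH", HANDSHAKE, *record_ver, len(handshake)) + handshake


if __name__ == "__main__":
    for rec_v, cli_v in [((3, 0), (3, 0)), ((3, 1), (3, 1)), ((3, 1), (3, 3))]:
        print(parse_client_hello_versions(build_sample(rec_v, cli_v)))
```

In a capture, the record-layer version and the ClientHello's `client_version` can differ, which is why the function returns both.
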
0

You could use Wireshark to capture the traffic between your server and your client.

You need the private key of your certificate, which begins with

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

In Wireshark, select Edit > Preferences > Protocols > SSL: RSA Key Field: 192.168.0.1,443,http,c:\server_private_key.pem,c:\debugTLS.txt

  • 192.168.0.1 is your server IP address.
  • 443 is the TCP port
  • http is the protocol carried inside the SSL/TLS session
  • c:\server_private_key.pem: your private key
  • c:\debugTLS.txt: log file

Sorcha
0

Try sslsniff by Moxie Marlinspike - if the client doesn't perform proper certificate chain validation when connecting to the server, you should be able to perform a MitM attack with ease.

Michał Staruch