Boards.ie uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Click here to find out more x
Post Reply  
 
Thread Tools Search this Thread
10-04-2013, 17:42   #1
CreepingDeath
 
Join Date: Jun 2006
Posts: 4,882
Check if your company/ISP is intercepting your HTTPS traffic

Hi,

Steve Gibson is a well known security expert who is the brains in the excellent "Security Now" podcast.

He knocked up a web utility to help you detect whether your company might be intercepting your HTTPS traffic with a man-in-the-middle attack.

( installing the own root certificates, so they can create fake facebook/gmail etc certs )

GRC Fingerprints link

Basically he lists the HTTPS cert fingerprints of known websites, eg. Facebook.

Code:
www.facebook.com	*.facebook.com	F5:6B:F2:44:63:B0:BD:61:36:C5:E8:72:34:6B:32:04:28:FF:4D:7C
But you can put in your own website and he'll get the cert that his unintercepted site sees, eg.

Code:
www.boards.ie *.boards.ie	C7:13:71:7A:A1:0B:CE:37:B1:77:46:FE:27:F1:58:A0:76:28:8D:42
So then you go to https://www.boards.ie, view the cert in your browser and compare the fingerprints of the cert that YOU see, eg. in this case the SHA1 fingerprint matches, so I know that my company isn't intercepting the HTTPS traffic to boards.

regards,
CD
CreepingDeath is offline  
(7) thanks from:
Advertisement
11-04-2013, 12:32   #2
Khannie
Make your dreams happen
 
Khannie's Avatar
 
Join Date: May 2004
Posts: 9,394
Nice one. Some security companies do offer that trusted man in the middle as a service.
Khannie is offline  
11-04-2013, 16:52   #3
BaconZombie
Registered User
 
BaconZombie's Avatar
 
Join Date: Jan 2007
Posts: 8,593
Wait... When did Boards start using HTTPS?

Quote:
Originally Posted by CreepingDeath View Post
Hi,

Steve Gibson is a well known security expert who is the brains in the excellent "Security Now" podcast.

He knocked up a web utility to help you detect whether your company might be intercepting your HTTPS traffic with a man-in-the-middle attack.

( installing the own root certificates, so they can create fake facebook/gmail etc certs )

GRC Fingerprints link

Basically he lists the HTTPS cert fingerprints of known websites, eg. Facebook.

Code:
www.facebook.com	*.facebook.com	F5:6B:F2:44:63:B0:BD:61:36:C5:E8:72:34:6B:32:04:28:FF:4D:7C
But you can put in your own website and he'll get the cert that his unintercepted site sees, eg.

Code:
www.boards.ie *.boards.ie	C7:13:71:7A:A1:0B:CE:37:B1:77:46:FE:27:F1:58:A0:76:28:8D:42
So then you go to https://www.boards.ie, view the cert in your browser and compare the fingerprints of the cert that YOU see, eg. in this case the SHA1 fingerprint matches, so I know that my company isn't intercepting the HTTPS traffic to boards.

regards,
CD
BaconZombie is offline  
13-04-2013, 11:44   #4
Capt'n Midnight
00:00
 
Capt'n Midnight's Avatar
Quote:
Originally Posted by BaconZombie View Post
Wait... When did Boards start using HTTPS?
https://www.eff.org/https-everywhere does what it says on the tin.


is OCSP still vulnerable to man in the middle attacks / is there another reliable way of verifying certs automatically ?
Capt'n Midnight is offline  
Thanks from:
14-04-2013, 10:00   #5
Khannie
Make your dreams happen
 
Khannie's Avatar
 
Join Date: May 2004
Posts: 9,394
Quote:
Originally Posted by Capt'n Midnight View Post
Nice.
Khannie is offline  
Advertisement
17-04-2013, 02:35   #6
Capt'n Midnight
00:00
 
Capt'n Midnight's Avatar
https everywhere also has options for the EFF SSL Observatory https://www.eff.org/observatory
Capt'n Midnight is offline  
Thanks from:
17-04-2013, 10:15   #7
CreepingDeath
 
Join Date: Jun 2006
Posts: 4,882
Quote:
Originally Posted by Capt'n Midnight View Post
https everywhere also has options for the EFF SSL Observatory https://www.eff.org/observatory
Interesting, I've just enabled that.
I had been using Https everywhere for boards as a matter of routine.
CreepingDeath is offline  
17-04-2013, 10:32   #8
Damo2k
Registered User
 
Damo2k's Avatar
 
Join Date: Sep 2006
Location: Ireland
Posts: 2,258
Quote:
Originally Posted by BaconZombie View Post
Wait... When did Boards start using HTTPS?
I'm not sure if they want us to be using SSL just yet. They will keep re-directing you back you normal HTTP.


Damo2k is offline  
17-04-2013, 14:16   #9
[-0-]
 
Join Date: Apr 2008
Posts: 2,951
Quote:
Originally Posted by Damo2k View Post
I'm not sure if they want us to be using SSL just yet. They will keep re-directing you back you normal HTTP.


Yeah when I use https on boards the pages don't render properly.
[-0-] is offline  
Post Reply

Quick Reply
Message:
Remove Text Formatting
Bold
Italic
Underline

Insert Image
Wrap [QUOTE] tags around selected text
 
Decrease Size
Increase Size
Please sign up or log in to join the discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search



Share Tweet