SSL And TLS Attacks | SSL Man In The Middle
How attacker manages to fake out as authority?
- First the attacker needs that all traffic in network should pass from his/her system.
- So he/she performs ARP poisoning attack. (for more info on ARP poisoning read Packer Sniffer section).
- Now he/she installs SSL strip in his/her system with respect to access point of network.
- By doing so attacker manages to act as CA authority for all traffic that will pass from his/her system.