man in the middle, SSL

[James Muir]

I was reading a hacking blog today and came across this:

http://www.darknet.org.uk/2007/02/odysseus-win32-proxy-telemachus-http-transaction-analysis/ 


> Odysseus is a proxy server, which acts as a man-in-the-middle during
> an HTTP session. A typical HTTP proxy will relay packets to and from
> a client browser and a web server. Odysseus will intercept an HTTP
> session’s data in either direction and give the user the ability to
> alter the data before transmission.
> 
> For example, during a normal HTTP SSL connection a typical proxy will
> relay the session between the server and the client and allow the two
> end nodes to negotiate SSL. In contrast, when in intercept mode,
> Odysseus will pretend to be the server and negotiate two SSL
> sessions, one with the client browser and another with the web
> server.
> 
> As data is transmitted between the two nodes, Odysseus decrypts the
> data and gives the user the ability to alter and/or log the data in
> clear text before transmission.
> 
> You can find more and download Odysseus here:
> 
> http://www.bindshell.net/tools/odysseus

It is my understanding that SSL is engineered to resist mitm attacks, so 
I am suspicious of these claims.  I wondered if someone more familiar 
with SSL/TLS could comment.

Isn't in the case that the application doing SSL on the client should 
detect what this proxy server is doing and display a warning to the user?

-James

-- 
James Muir
http://www.scs.carleton.ca/~jamuir


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com