SSL and Man in the Middle (MITM)

Author: Martin Voelk
November 27, 2014

Businesses and individuals seem to think HTTPS = SSL = SECURE. The truth couldn’t be further from that. If you see a green lock in your browser, all that tells you is that the certificate validated as a “good” one against a CA your machine trusts. It doesn’t mean that you are actually connecting to the server you expect to connect to. There could be a nice SSL interception proxy sitting between your browser and the actual server. A classic company providing those appliances is BlueCoat. The BlueCoat box does the SSL connection to the actual destination server, while your browser, without knowing it, is only doing SSL to the BlueCoat. If your company has set up the proxy correctly you won’t notice anything is off, because they will have arranged for the proxy’s internal SSL certificate to be registered on your machine as a trusted certificate.

So can you guess what happens in the middle? Clear text: all your data is visible. Who can install those boxes? Service providers, governments, your company, pretty much anyone in the middle of that connection. Whilst ordinary hackers can’t just set up ISPs and deploy BlueCoat SSL proxies, hackers increasingly target networks in order to break into those BlueCoat boxes, which others have purchased and deployed for them.

This is the real risk, especially when those networks are easy to enter, as we unfortunately find in many of our penetration tests. Surveillance is questionable but has its place when it comes to combating terrorism and the like. However, it’s important that the surveillance appliances are secured against hackers, because otherwise the data could really get into the wrong hands.