2

I know that certificates that are sent by the server cant be faked (still there is MD5 collisions but costy) but what about faking the client .. in man in the middle attack: cant we tell the server that we are the legitimate client and take data from that server manipulate it then encrypt it again with legitimate client public key ? how does the client be sure that the data came really from the server ?

in theory .. can we inject any data into the response sent by the server to the client ?..

zix
  • 45
  • 7
  • Did you try learning how SSL/TLS works prior to asking the questions? There was a question on this just yesterday: http://stackoverflow.com/questions/5109954/how-does-ssl-work/5109997#5109997 – Eugene Mayevski 'Callback Feb 25 '11 at 19:22
  • 1
    @Eugene that's a totally different question. *This* question is about the potential for MITM attacks on the client end, since SSL/TLS usually requires a server certificate but rarely requires a client one. –  Feb 25 '11 at 19:27
  • @Ninefingers if you learn how SSL works, you won't be asking *such* questions (and support them). The level of OP's supplementary questions shows that he insists on keeping himself ignorant rather than learn something. – Eugene Mayevski 'Callback Feb 25 '11 at 19:53
  • @Eugene that argument could be applied to any topic on here. If users read all the resources available on say C++ they could figure anything out for themselves at least theoretically. In practice, people need to ask for extra help understanding things. I think the OP has understood TLS/SSL and come to the conclusion that the usual usage of it isn't fully secure, but wishes to check his interpretation is right. And if s/he asks for additional clarification on people's points that isn't a problem. –  Feb 25 '11 at 20:34

2 Answers2

6

How are you authenticating the client? SSL client certificates? Or some application level system (cookies etc)?

Here's what SSL does in a nutshell:

  • Negotiates a Diffie-Hellman shared session key between the two parties
  • Has the server sign the session key and send the result to the client. Once the client verifies this, the client knows there is no MITM, and the server is who they say they are.
  • If client certificates are enabled, has the client sign the session key and send the signature to the server. The server now knows there is no MITM and the client is who they say they are.
  • Encrypts all data in both directions using the shared session key

Typically when you use SSL you won't use client certificates. Strictly speaking, the server does not know if the connection is MITM'd. However, most clients will disconnect if the server certificate is bad. The server assumes that if the client pushes forward with the connection, there is no MITM. Even if Mallory, doing the MITM, chooses not to propagate the disconnect from the client, he has no new information now; all he's done is connected to the server himself. Without intercepting the client's session cookie or other authentication information (which is only sent by the client after verifying the connection is secure) the MITM is useless.

So in short, as long as one end or the other verifies the certificate of the other end before initiating any high-level communication of sensitive information, SSL is secure in both directions.

Bruno Rohée
  • 3,436
  • 27
  • 32
bdonlan
  • 224,562
  • 31
  • 268
  • 324
  • As I said, it encrypts all data in both directions with the shared session key. It's up to the client to verify that there's no MITM going on before it authenticates to the server and tells the server to start sending data (unless you're using client certs, in which case both sides verify each other) – bdonlan Feb 25 '11 at 19:57
0

You're right -- without secure certificate authentication on the client and server there is an opening for a man in the middle attack.

SSL can be "secure both ways" if you use mutual authentication also called two-way SSL.

Randy Levy
  • 22,566
  • 4
  • 68
  • 94
  • so is JS code injection possible in that case ? can i take the respond from the server and inject JS in it ..then send it to the client ? – zix Feb 25 '11 at 19:43
  • Ok, describe the attack. And don't just MITM, say what the MITM will do. Or look instead at @bdonlan's analysis. – President James K. Polk Feb 26 '11 at 02:02