Bot-Factory 602 Posted December 30, 2013 Hello. I'm looking for a way to prevent a man-in-the-middle attack. My bot is communicating with some HTTPS websites, and sometimes I have to integrate login details into the bot. The bot itself is encrypted and secured with a 3rd-party protection mechanism, but I'm not able to validate the SSL communication from my bots to the HTTPS websites. So if someone is using software like Fiddler (http://fiddler2.com/), he could install a special "man in the middle" certificate which is fully trusted on his computer. The software will intercept the communication from the bot and present its own SSL certificate, which is then completely trusted. The certificate looks valid, but it's from "DO_NOT_TRUST_FiddlerRoot". So I'm looking for a way to check specific values of the certificate, to ensure that it's really the certificate that should belong to the site I'm communicating with, and not just checking the signature hierarchy. I think this is called certificate pinning. I'm not sure if it can be done with a plugin or with ubot in general, because that information is normally not exposed by the ubot browser. But maybe there is another way to do that? So if someone has a smart idea how to do that, please contact me. Thanks in advance for your help. Dan
Bot-Factory 602 Posted December 30, 2013 (Author) Some additional information, maybe useful: the best you can do is to exempt that application's traffic from decryption by setting the x-no-decrypt Session flag on the CONNECT tunnel. This flag will prevent Fiddler from decrypting the traffic in the tunnel and it will flow through Fiddler uninterrupted.
Macster (UBotter Labs) 112 Posted December 30, 2013 ...there isn't much you can do against Fiddler and MITM attacks if it is going through HTTP traffic. The best way is to NOT use login details.
Bot-Factory 602 Posted December 30, 2013 (Author)
> ...there isn't much you can do against Fiddler and MITM attacks if it is going through HTTP traffic. The best way is to NOT use login details.
If there were a way for certificate pinning, you could detect that and stop the bot. With a regular .NET application that's relatively easy to do. Dropbox, for example, is using such a technique. So if you start Fiddler to analyze the Dropbox communication, you can't, because the app can detect that the destination website is not using the correct SSL certificate. Dan
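Certificate pinning in a plain .NET client, as the post above describes for a "regular .NET application". This is an added example, not code from the thread, from ubot or from Dropbox; the class and method names are made up, and the two fingerprint strings are placeholders to be replaced with the real site's certificate fingerprints.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Pins the HTTPS server certificate by SHA-256 fingerprint, so a certificate issued by an
// interception proxy root (e.g. DO_NOT_TRUST_FiddlerRoot) is rejected even though the OS
// trusts that root. Hypothetical class; pin values are PLACEHOLDERS.
static class PinnedHttps
{
    // Hex SHA-256 fingerprints of the leaf certificates we accept. Keep at least two
    // (current certificate and its scheduled replacement) so a normal renewal does not
    // break the bot.
    static readonly HashSet<string> PinnedFingerprints =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
    {
        "PLACEHOLDER_CURRENT_CERT_SHA256_HEX",
        "PLACEHOLDER_NEXT_CERT_SHA256_HEX",
    };

    // SHA-256 over the DER encoding of the certificate, the same value that
    // "openssl x509 -fingerprint -sha256" prints (minus the colons).
    public static string Sha256Fingerprint(X509Certificate cert)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(cert.GetRawCertData())).Replace("-", "");
    }

    // Validation callback: the default chain check must still pass AND the leaf must be pinned.
    public static bool ValidateServerCertificate(object sender, X509Certificate cert,
        X509Chain chain, SslPolicyErrors errors)
    {
        if (errors != SslPolicyErrors.None || cert == null)
            return false;                                   // never relax the default checks
        string seen = Sha256Fingerprint(cert);
        if (PinnedFingerprints.Contains(seen))
            return true;
        // Trusted-but-wrong certificate: log the issuer for diagnostics and refuse.
        // GetResponse() then throws, and the caller can stop the bot.
        Console.Error.WriteLine("Pin mismatch: got {0} issued by {1}", seen, cert.Issuer);
        return false;
    }

    public static string Get(string url)
    {
        var req = (HttpWebRequest)WebRequest.Create(url);
        req.ServerCertificateValidationCallback = ValidateServerCertificate; // per request, .NET 4.5+
        using (var resp = (HttpWebResponse)req.GetResponse())
        using (var reader = new StreamReader(resp.GetResponseStream()))
            return reader.ReadToEnd();
    }
}
```

With Fiddler decrypting the tunnel, the chain check passes (its root is installed as trusted) but the fingerprint does not match, so the request fails instead of leaking the login details.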
Edward_2 85 Posted December 31, 2013 Great idea for a security plugin. We need it, since what many of the bots are used for can be considered both an unwelcome guest and potentially containing data the attacker may like, i.e. lists of usernames, passwords, all types of credentials nicely formatted into lists for them. lol
kev123 132 Posted December 31, 2013 Look into how some banks are securing it. I've tried setting my laptop up as a wifi hotspot with Fiddler running and connecting to the laptop: all secure app traffic can be decoded, but bank traffic detects the fake cert on my phone and that there's something in the middle.
Edward_2 85 Posted January 1, 2014 As well, look into trying to hack your own bot: set up a zombie page and see how Ubot handles it... here's a great place to start http://www.backtrack-linux.org/forums/showthread.php?t=24391