wood burning stoves
The moose likes Security and the fly likes HTTPS SSL PROBLEM Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security


V Vijay Veeraraghavan

Joined: Apr 06, 2008
Posts: 21
https is one of the secure protocol that is, in now a days, used as a basic need to transmit data securely in internet applications(our application do use https). SSL is what encrypts the data sent through the https which sits below the http and encrypts the http data using a common encryption algorithm agreed between server and client. what happens if the data is sniffed in between the http and SSL, i.e we get the data before it reaches the SSL layer. we log the data and then send it to ssl. its like man-in-middle-attack, but between the http and ssl. i wrote an application that will alter the internet connection programmatically to enable this way of sniffing, then log the data, then send to ssl. i restricted the user in restoring the default internet settings.

if this is the case, then why not a malware, virus or trojans can sniff data easily which we believe is sent through a secure protocol. is the answer to this problem lies only with the independent system users, cleaning and securing their system with anti-virus, anti-trojan, anti-malware systems? does any virus or trojans exists with this kind of functionality? am i reinventing this problem?

Vijay Veeraraghavan
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
If a machine is malware-infected all bets as to the security and privacy of it are off anyway. That is to say, if that's a possibility, then there may be larger problems than worrying about the sniffing of transmissions that should be SSL-encrypted.

Having said that, the SSL en/decryption and display of data all happens in the browser. So unless part of the browser binary has been altered, there isn't much chance of a piece of malware actually observing the data. That's just an educated guess on my part, though, and may be dependent on the underlying OS.
I agree. Here's the link: http://aspose.com/file-tools
It's not a secret anymore!