RE: Cain a& Abel Question

Pete,

What you are seeing is the result of a "man in the middle" style attack rather than a decoding of your SSL connection to the bank.

C&A is intercepting and forwarding your traffic due to the ARP poisoning. Your browser negotiates an SSL connection with C&A. C&A negotiates another SSL connection to the bank. Then C&A is able to see all traffic in plaintext as it passes it along.

Browser <--ssl--> C&A (plaintext) <--ssl--> Bank

The program is not able to generate a proper certificate to hand your browser, though. It is self signed and will not be trusted by your browser. An alert should have popped up when you opened the page. Did it?

Cain info: http://www.oxid.it/cain_faq.html MiM info: http://www.sans.org/rr/threats/man_in_the_middle.php

--
David

> -----Original Message-----

> I was reading thru the list and decided to give Cain & Abel a try...


 

---------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-pen-test
----------------------------------------------------------------------------