Abstract: that year 12306 should install their own certificates…
- Knowing all the truth, he can really do whatever he wants
- Official account: Cola
FundebugReproduced with authorization, copyright belongs to the original author.
What is MITM
Man-in-the-middle attack: Abbreviated to MITM: A hacker is abbreviated to the two parties of communication, intercepting or even tampering with communication information. The communication parties do not know that the message has been intercepted or even tampered with.
For example, Xiao Ming uses wechat to send a message to Xiao Hong. The message will be sent from Ming’s phone to the wechat server, which will then forward the message to Xiao Hong. Theoretically, the wechat server can view or modify the message sent by Xiao Ming. At this point, the wechat server can act as a middleman for the attack.
Some people browse the Internet through a proxy server, which acts as a middleman.
What is the use of MITM for individuals? This starts with MITM’s offense and defense.
Two, anti-attack
First look at how to prevent attacks. The most effective way to protect against attacks is One Time Password, which was proposed by Shannon, the inventor of information theory, and is absolutely safe in theory. But the one-time password also has a premise, that is, the password is securely communicated to the other party. This place seems to be at a dead end.
For accessing the Internet, whether through a browser or an APP client, HTTPS is generally used for communication, which is actually a relatively effective encryption method. During communication, the client or operating system has a built-in root certificate of the Authoritative CA. At the beginning of communication, the server returns the signature certificate obtained from the CA. Then the client uses the root certificate to verify the validity of the certificate, and finally uses the public key provided by the certificate to encrypt data.
The assumption here is that the authoritative certificate authority will not disclose the signature information. What an f-word, is there a sense of powerlessness? Our Internet security is actually based on humanity and morality. There is also an endless loop where the system is validated by the server’s CA certificate, and the CA itself needs other cas to verify its validity. The solution to this problem is to integrate well-known root certificates with the system or the browser itself.
In the early years, 12306 had to use its own signed certificate, which was not accepted by mainstream browsers, so users had to download and install the certificate for the first time. This is actually a very dangerous operation, criminals can use this mechanism to install illegal certificates on the user’s device. Fortunately, 12306 has adopted the certificate issued by DigiCert.
In addition to CA digital certificates, there are also some special key exchange protocols, such as ZRTP, HPKP, DNSSEC, etc., which can ensure communication security to a certain extent.
In addition to direct authentication, MITM can also be prevented through tampering detection, forensic analysis and other means.
By the way, the most effective cryptography is probably Quantum cryptography. Quantum encryption has the support of both mathematics and quantum mechanics. As long as there is no problem with mathematics and quantum theory, quantum encryption is absolutely safe in theory. We’ll talk about quantum encryption in the future.
Three, attack
The following uses HTTPS encryption as an example. In order to prevent abuse of illegal elements, this article shares the principle only.
Let’s put in a middleman between the client and the server, like installing Fiddler on the computer. There are many online tutorials on how to capture a Fiddler package, but I won’t go into them here. Directly above:
- The hacker installs the root certificate on the mobile phone of the victim through a special way;
- The client initiates a connection request, and the proxy server (Fiddler) intercepts the request in the middle and returns the forged certificate signed by itself.
- After receiving the certificate, the client searches for the trusted root certificate in the system. The hacker has installed his or her own root certificate on the victim’s mobile phone in advance, so the client passes the authentication.
- The client then treats Fiddler as a legitimate server;
- Fiddler communicates with a real server, intercepting keys and decrypting data.
At this point, the server and client data are completely transparent to Fiddler, the middleman.
Four, summary
In fact, after mastering MITM technology, it is very simple to understand the implementation logic of various apps, and a group of charging apps can basically crush them.
Maybe the recovered phone should be formatted. Maybe someone’s fishing.
Think of the words he said before, know the principle, really can do whatever you want.
About Fundebug
Fundebug focuses on real-time BUG monitoring for JavaScript, wechat applets, wechat games, Alipay applets, React Native, Node.js and Java online applications. Since its official launch on November 11, 2016, Fundebug has handled over 2 billion error events in total. Its paid customers include Sunshine Insurance, Walnut Programming, Lychee FM, Zhanmen 1-on-1, Weimai, Qingtuanshe and many other brand enterprises. Welcome to try it for free!