I see that this page has been indexed by Google but more relevant ones have not. I suggest you see my paper on SSL man-in-the-middle attacks:
http://www.pburkholder.com/sysadmin/SSL-mitm//
SSL Attacks: Dug Song's dsniff
dnsspoof: /etc/dnspoof.hosts
- <my_host_ip> login.yahoo.com
webmitm -d login.yahoo.com #make webmitm.cert
Notes:
Web man-in-the-middle attack
An attacker on the client's subnet will spoof DNS to return its own IP for a DNS query
The client will then establish an SSL connection to the attacker, which will return its own cert, leaving the client to decide whether to accept the self-signed cert or not
Once the cert is accepted, the attacker relays and inspects/modifies any traffic
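
The attack in these notes only succeeds if the client accepts the self-signed cert, so the control sits in the client. The sketch below is an added example, not part of the original slides: a Python client that never leaves that decision to the user. Fingerprint pinning goes one step beyond what the notes describe, and the function names and sample bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl

def strict_context():
    """Client context that refuses self-signed or wrong-host certificates."""
    ctx = ssl.create_default_context()           # trust only the system CA store
    ctx.check_hostname = True                    # cert must name the host we asked for
    ctx.verify_mode = ssl.CERT_REQUIRED          # no "accept anyway" path
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def fingerprint(der_cert):
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()

def pin_ok(der_cert, pins):
    """True if the cert's fingerprint equals one of the pinned values.
    Pins may be written as plain hex or colon-separated hex, any case."""
    fp = fingerprint(der_cert)
    return any(hmac.compare_digest(fp, p.lower().replace(":", "")) for p in pins)

def connect_checked(host, pins, port=443, timeout=5.0):
    """Connect, verify the chain and hostname, then enforce the pin set.
    Returns the server cert fingerprint; raises ssl.SSLError otherwise."""
    ctx = strict_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # wrap_socket raises SSLCertVerificationError for a self-signed cert,
        # so a spoofed DNS answer leads to a failed handshake, not a prompt.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if pins and not pin_ok(der, pins):
                raise ssl.SSLError("certificate does not match a pinned fingerprint")
            return fingerprint(der)

# Constructed sample bytes standing in for DER certificates (not real certs;
# only their hashes are compared here).
LEGIT = b"constructed-legitimate-server-cert"
FORGED = b"constructed-self-signed-relay-cert"
PINS = {fingerprint(LEGIT)}

if __name__ == "__main__":
    print("legit cert pinned: ", pin_ok(LEGIT, PINS))    # True
    print("forged cert pinned:", pin_ok(FORGED, PINS))   # False
```

`connect_checked` needs network access and is therefore not called in the offline demo at the bottom.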