At the Defcon hacker conference, The Middler, an open-source program written in Ruby, was shown automatically harvesting the accounts of Gmail users who had not enabled the “Always use https” option in their settings.

The program is not limited to Gmail: it works against any service that uses HTTPS only for the login step and then leaves the rest of the session unprotected. At the conference the presenters demonstrated the hijacking of sessions on one online bank, LinkedIn, LiveJournal and Facebook, tampering with the software update process on PCs and iPhones, and the injection of malicious JavaScript straight into the browser session while the user was browsing secure sites.
The Middler does not merely sniff network traffic passively and pick cookies out of it; it also actively requests cookies from the client, so the process is automated as far as possible. The program collects every unprotected account on a local network (or public hotspot) whose traffic it can see.
The option for a permanent SSL connection (shown in the screenshot) appeared in Gmail only a few weeks ago. If you have not activated it yet, you now have a good reason to do so.
The point is that Gmail and similar services use SSL only while you authenticate. If the “Always use https” option is not enabled, the encrypted connection is dropped as soon as you are logged in, and everything after that, cookies included, travels over an unprotected channel. An outsider who intercepts the session cookie can walk straight into your inbox: with the session ID in hand, no password is needed.
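To make the mechanism concrete, here is an added example in Ruby (the language The Middler is written in); it is not the tool's code and not part of the original article. It shows the passive half of the attack, pulling session cookies out of plaintext HTTP requests captured on a shared network, and the server-side cause, a Set-Cookie header without the Secure attribute, which the browser will replay on http:// URLs. All traffic is constructed, and the cookie names SID and GX are placeholders assumed for the example, not a claim about Gmail's real cookie names.

```ruby
# Added example, not The Middler's own code. Traffic below is constructed and
# the session cookie names are placeholders.

# Parse one raw HTTP message (request or response) into its start line and
# headers. Repeated headers such as Set-Cookie are collected into an array.
def parse_http_message(raw)
  head = raw.split("\r\n\r\n", 2).first
  start_line, *header_lines = head.split("\r\n")
  headers = Hash.new { |h, k| h[k] = [] }
  header_lines.each do |line|
    name, value = line.split(":", 2)
    next if value.nil?
    headers[name.strip.downcase] << value.strip
  end
  { start_line: start_line, headers: headers }
end

# Split a Cookie request header into name => value pairs.
def parse_cookie_header(value)
  value.split(";").each_with_object({}) do |pair, acc|
    name, val = pair.strip.split("=", 2)
    acc[name] = val unless name.nil? || name.empty?
  end
end

# Passive sniffer logic: walk captured plaintext requests and report every
# session cookie they leak, keyed by the Host header they were sent to.
def leaked_sessions(captured_requests, session_cookie_names)
  captured_requests.flat_map do |raw|
    msg = parse_http_message(raw)
    host = msg[:headers]["host"].first
    msg[:headers]["cookie"].flat_map do |cookie_header|
      parse_cookie_header(cookie_header)
        .select { |name, _| session_cookie_names.include?(name) }
        .map { |name, val| { host: host, name: name, value: val } }
    end
  end
end

# Server-side check: Set-Cookie headers in a response that lack the Secure
# attribute; the browser will send these over plain HTTP as well as HTTPS.
def cookies_missing_secure(raw_response)
  msg = parse_http_message(raw_response)
  msg[:headers]["set-cookie"].reject { |sc|
    sc.split(";").drop(1).any? { |attr| attr.strip.casecmp?("secure") }
  }.map { |sc| sc.split("=", 2).first.strip }
end

# Placeholder session cookie names (assumed for the example).
SESSION_COOKIE_NAMES = %w[SID GX].freeze

# Constructed capture: what a sniffer on a hotspot sees once the browser has
# been dropped back to http:// after login.
CAPTURED_REQUESTS = [
  "GET /mail/?ui=html HTTP/1.1\r\nHost: mail.google.com\r\n" \
  "Cookie: SID=placeholder-session-1; PREF=ID=abc\r\n\r\n",
  # Unrelated plaintext request carrying no cookies at all.
  "GET /index.html HTTP/1.1\r\nHost: www.example.net\r\n\r\n",
  # A second victim on the same network.
  "GET /mail/ HTTP/1.1\r\nHost: mail.google.com\r\n" \
  "Cookie: GX=placeholder-session-2\r\n\r\n",
].freeze

# Constructed responses: the weak one sets the session cookie without Secure,
# the hardened one marks it Secure (TLS only) and HttpOnly.
WEAK_RESPONSE =
  "HTTP/1.1 200 OK\r\nSet-Cookie: SID=placeholder-session-1; Path=/; HttpOnly\r\n" \
  "Set-Cookie: PREF=ID=abc; Path=/\r\n\r\n"
HARDENED_RESPONSE =
  "HTTP/1.1 200 OK\r\nSet-Cookie: SID=placeholder-session-1; Path=/; Secure; HttpOnly\r\n\r\n"

if __FILE__ == $PROGRAM_NAME
  leaked_sessions(CAPTURED_REQUESTS, SESSION_COOKIE_NAMES).each do |s|
    puts "#{s[:host]}: #{s[:name]}=#{s[:value]}"
  end
  puts "weak response, cookies without Secure: #{cookies_missing_secure(WEAK_RESPONSE).join(', ')}"
  puts "hardened response, cookies without Secure: #{cookies_missing_secure(HARDENED_RESPONSE).inspect}"
end
```

Run it with `ruby middler_example.rb`: both placeholder sessions are reported from the capture, and only the weak response is flagged. The Secure attribute is what “Always use https” ultimately buys you on the client side; without it, a single plaintext request to the same host is enough for the cookie to leave the browser in the clear.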
Obviously, users of public hotspots are exposed to the greatest risk; they above all are advised to enable permanent use of https.
Protecting the connection slows Gmail down slightly. If you only need a secure connection occasionally, in those rare cases you can open your mailbox from the address https://mail.google.com, and SSL then stays on for the whole session even if the option is not enabled.