That URL alone isn't a full demonstration. Your browser notified you of a problem because it thought the web site was www.amazon.com, and you typed in www.thoughtcrime.org. You have to edit your hosts file:
66.93.78.63 www.amazon.com
For the full effect.
Normally when a man in the middle substitutes his own certificate for the original destination's, the browser will pop up a huge warning dialog saying that the certificate isn't signed properly or that it is named incorrectly.
With this vulnerability, that doesn't happen.
You can exploit this vulnerability to "sniff the wire and accumulate data in cleartext."
See sslsniff: http://www.thoughtcrime.org/ie.html
A lot of people have been saying that, so I wrote a tool (sslsniff) to demonstrate the problem in a more "real-world" setting. It performs undetected hijacking/sniffing of IE SSL sessions, even on a switched network.
sslsniff:
http://www.thoughtcrime.org/ie.html
That doesn't fix the problem. You're not testing it correctly, contact me offline if you want to do some actual testing.