Saturday, 6 July 2013

How to run Google Chrome as Root in Kali Linux






Steps :

  • cd Desktop
  • dpkg -i <file name>
  • Go Launch Application
  • Create New Element
  • Name : Google
  • Command : google-chrome
  • Go to /opt/google/chrome, open the file google-chrome with leafpad
    and change the exec line to: exec -a "$0" "$HERE/chrome" "$@" --user-data-dir


Friday, 5 July 2013

GUI Sqlmap in Kali Linux






Installation Commands :
  • sudo apt-get install python-tk python2.7 sakura
  • git clone git://github.com/sqlmapproject/sqlmap.git
  • cd sqlmap
  • Download the GUI for sqlmap from http://gui-for-sqlmap.googlecode.com
  • unzip sqm-60712.zip
  • python2.7 sqm.pyw


Finding out GeoLocation of IP Address using NMAP


Tries to identify the physical location of an IP address using the Geobytes geolocation web service.

Download Script

Usage


nmap --script ip-geolocation-geobytes <target>

Output

| ip-geolocation-geobytes:
| latitude: 43.667
| longitude: -79.417
| city: Toronto
| region: Ontario
|_ country: Canada
 


Tuesday, 2 July 2013

SSLsplit v 0.4.5 - Man-in-the-middle attacks against SSL/TLS


A new tool presented at the Black Hat DC 2009 conference by Moxie Marlinspike proves to be a formidable foe against secure login schemes. Always trying to stay on top of the game, Click Death Squad decides to give this tool a whirl and see what the buzz is all about. This attack is particularly crafty because it acts as a Man in the Middle, keeping an eye on HTTPS requests and then mapping them to HTTP look-alike setups. If a person is operating on a wireless access point that has been broken into, the results can be devastating. You have a box running sslstrip which has port forwarding enabled and is actively spoofing ARP on a LAN. This computer is the jump-off point, which will fake out the wireless router into redirecting HTTPS requests, modifying them and passing them on to the victim. Features include a fake "lock" icon and selective logging capabilities, which provide great flexibility when sniffing traffic. The example we use shows how a MySpace "secure" login can be easily captured using this attack. Props to Moxie Marlinspike for making this tool available to the public.
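A defender-side check for the HTTPS-to-HTTP mapping described above, as an added example that is not part of the original post or of the tool: it compares a copy of a page fetched over a trusted connection with the copy received on the network under test, and reports links and form targets whose scheme changed from https to http. The page contents and the example.com hosts are constructed sample data.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "action", "src"}

class _UrlCollector(HTMLParser):
    """Collect absolute URLs from link, form and resource attributes."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value and "://" in value:
                self.urls.append(value.strip())

def collect_urls(html):
    parser = _UrlCollector()
    parser.feed(html)
    return parser.urls

def _key(url):
    """Scheme-independent identity of a URL: host, path and query."""
    parts = urlsplit(url)
    return (parts.hostname or "", parts.path or "/", parts.query)

def find_downgrades(baseline_html, observed_html):
    """Return (baseline_url, observed_url) pairs where https became http."""
    secure = {_key(u): u for u in collect_urls(baseline_html)
              if urlsplit(u).scheme == "https"}
    downgraded = []
    for url in collect_urls(observed_html):
        if urlsplit(url).scheme == "http" and _key(url) in secure:
            downgraded.append((secure[_key(url)], url))
    return downgraded

# Constructed sample page as the origin serves it (trusted copy).
BASELINE = """<html><body>
<a href="http://www.example.com/about">About</a>
<form method="post" action="https://login.example.com/auth?next=/home">
<input name="user"><input name="pass" type="password"></form>
<a href="https://www.example.com/account">Account</a>
</body></html>"""
# Constructed copy as it would arrive after every https link was rewritten.
OBSERVED = BASELINE.replace("https://", "http://")

if __name__ == "__main__":
    for original, seen in find_downgrades(BASELINE, OBSERVED):
        print("downgraded:", original, "->", seen)
```

The link that was already plain http in the trusted copy is not reported, so only genuine scheme changes raise an alert.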

  • Add support for 2048 and 4096 bit Diffie-Hellman
  • Fix syslog error messages
  • Fix threading issues in daemon mode
  • Fix address family check in netfilter NAT lookup
  • Fix build on recent glibc systems
  • Minor code and build process improvements

Download SSLsplit v 0.4.5
