E-Detective
HTTPS/SSL Interception – MITM & Proxy
Decision Group
www.edecision4u.com
Introduction to HTTPS/SSL Interception
HTTPS/SSL Interception Appliance (Software + Hardware)
Users can opt to purchase only the software from us and use
their own hardware/server.
Intercept HTTPS/SSL traffic (connection sessions) by MITM attack or by
Proxy setup.
HTTPS/SSL Interception by MITM mode is carried out utilizing both DNS
and ARP attacks.
HTTPS web pages of the targeted user can be decrypted, decoded and
reconstructed. The username and password for web logins can also be
obtained.
Applies to standard HTTPS/SSL traffic without additional security.
HTTPS/SSL Interception by Proxy mode requires the target users' web
browsers to be pre-configured to use the Proxy service.
Solution for:
Law Enforcement Agencies (Police Intelligence, Military Intelligence, National
Security, Counter Terrorism, etc.) and corporate organizations.
HTTPS/SSL Interception – By MITM Attack
Intercept and reconstruct HTTPS/SSL traffic.
Obtain HTTPS page login username and password.
Intercept on specific targets (suspects).
HTTPS/SSL Interception by MITM mode is carried out utilizing both DNS
and ARP attacks.
HTTPS web pages of the targeted user can be decrypted, decoded and
reconstructed. The username and password for web logins can also be
obtained.
The target user's (suspect's) IP address must be known or pre-configured in
the setup of the HTTPS/SSL Interception system.
Target website links (URLs) must also be pre-configured.
Concurrently attack up to 5 users (optional for more users).
Applies to standard HTTPS/SSL traffic without additional security.
To view encrypted content,
a key is needed
HTTPS/SSL Interception – By Proxy Method
HTTPS/SSL Interception by Proxy implementation.
A proxy pre-configured on the targeted users' web browsers is required.
HTTPS/SSL Interception by Proxy implementation can support capture and
reconstruction of other protocols besides HTTPS/SSL traffic.
Some supported protocols are: Webmail (Yahoo Mail, Gmail, Hotmail etc.),
IM (Yahoo, MSN, ICQ, IRC, QQ, Web MSN, Web Yahoo etc.), HTTP Web
Browsing, P2P and Online Games.
Can be implemented for a group of users (more than 100 concurrent
interceptions).
HTTPS/SSL decryption applies only to standard HTTPS/SSL traffic without
additional security.
To view encrypted content,
a key is needed
HTTPS/SSL Interception – Proxy Implementation
Protocols Supported
Webmail (Hotmail, Yahoo, Gmail etc.)
HTTP (Link, Content, Reconstruct)
IM/Chat (Yahoo, MSN, ICQ, Gtalk, IRC, QQ, Web MSN, Web Yahoo)
Others
Online Games
File Transfer
P2P
Sample: Webmail (Read and Sent)
Sample: IM (Yahoo, MSN, ICQ etc.)
Sample: HTTP Link and HTTP Content
References – Implementation Sites and Customers
Criminal Investigation Bureau
The Bureau of Investigation Ministry of Justice
National Security Agency (Bureau) in various countries
Intelligence Agency in various countries
Ministry of Defense in various countries
Counter/Anti Terrorism Department
National Police, Royal Police in various countries
Government Ministries in various countries
Federal Investigation Bureau in various countries
Telco/Internet Service Provider in various countries
Banking and Finance organizations in various countries
Others
Note: Due to the confidentiality of this information, the exact names and countries of
the various organizations cannot be revealed.
Decision Group
For more information about the HTTPS/SSL Interception system,
please contact [email protected].
Product demonstrations can be arranged.