Advanced MITM Techniques for Security Testers, presented at OWASP FROC 2010

by Rajendra Umadas (Intrepidus Group), Aaron Rhodes (Intrepidus Group), Mike Zusman (Intrepidus Group)

Tags: Security Network Penetration


Summary: HTTP proxies such as WebScarab, Paros, and Burp make it easy to inspect and intercept normal web application traffic. But what can you do when your web application isn't "normal"? Maybe the client is not a standard web browser with configurable proxy settings. Maybe an ActiveX object is used to send non-HTTP traffic. Perhaps the application can't even be installed on a personal computer, but instead resides on a mobile or embedded device. In these situations, having the right proxy tools and a computer running Linux can be the difference between zero vulnerability findings and uncovering critical design flaws in a short period of time.

This presentation will cover advanced "man in the middle" techniques that can be used to intercept any TCP stream (including those protected with SSL/TLS) using a new transparent TCP proxy developed by Intrepidus Group. These techniques can be used to uncover server- and client-side bugs that might otherwise go unnoticed without a lengthy reverse engineering project. In addition to discussing tools and techniques, this presentation will also discuss real-world programming flaws and vulnerabilities that these tools and techniques have been used to uncover.

Rajendra Umadas: Rajendra Umadas is a Consultant with the Intrepidus Group. Mr. Umadas recently graduated summa cum laude from The Polytechnic Institute of NYU with a BS in Computer Engineering. At NYU:Poly, Mr. Umadas pursued a highly expansive computer security curriculum. He is just as comfortable sniffing out a memory corruption bug as he is assessing the risk management decisions of large projects. Coupled with Mr. Umadas' fresh academic outlook on security, he obtained a no-nonsense business sense of security while working in an Information Risk Management arm of a large investment bank. Corporate governance, segregation of duties, and SOX compliance were all daily concerns for Mr. Umadas. Mr. Umadas is eager to establish his own niche in the security world where he will be the catalyst of some very major innovation. With his strong academics, proven real-world experience, and never-say-no attitude, it is only a matter of time.

Aaron Rhodes: Aaron is a Principal Consultant with the Intrepidus Group, specializing in network and application penetration testing. Over the past 8 years, Aaron has served clients in the finance, insurance, telecommunications, energy, medical and retail environments. Prior to joining Intrepidus Group, Aaron served as a Technical Lead in Symantec's consulting service group (formerly @Stake), providing security assessments and actionable recommendations to Symantec's customers. Aaron has also led security engineering teams servicing large government networks, developed software for intrusion detection, and served as part of US Air Force Information Warfare Aggressor Teams conducting red team exercises.

Mike Zusman: Mike Zusman is a Principal Consultant with the Intrepidus Group. Prior to joining Intrepidus Group, Mike held the positions of Escalation Engineer at Whale Communications (a Microsoft subsidiary), Security Program Manager at Automatic Data Processing, and lead architect and developer at a number of smaller firms. In addition to his corporate experience, Mike is an independent security researcher, and has responsibly disclosed a number of critical vulnerabilities to commercial software vendors. He has spoken at a number of top industry events including CanSecWest, Defcon, Black Hat and regional OWASP events. Mike also speaks and teaches about information security at NYU/Polytechnic University. Mike brings 11 years of security, technology, and business experience to Intrepidus Group. He is a CISSP and an active member of the OWASP Foundation.