XMPPloit presented at BlackHat USA 2012

by Luis Delgado

Tags: Exploitation SSL XMPP

Summary: "XMPPloit is a command-line tool to attack XMPP connections, allowing the attacker to place a gateway between the client and the server and perform different attacks on the client stream.
The tool exploits implementation vulnerabilities on the client and server side and in the XMPP protocol.
The main goal is that the whole process is transparent to the user and never replaces any certificate (like HTTPS attacks).
Some features are:
Downgrade the authentication mechanism (can obtain the user credentials)
Force the client not to use an encrypted communication
Set filters for traffic manipulation
Filters that have been implemented in this version for Google Talk are:
Read all the user's account mails
Read and modify all the user's account contacts (whether or not they are in the roster).
A preliminary version was described in my talk 'XMPP, more than chat' (http://slidesha.re/GWBwMF) presented at RootedCON 2012 (Spain)."