"Machan, I need some help"
"Yh, what sort of?"
"A Kuppi. Can you prove how SSL is gonna be secure?"
I explaind him the theories of public key cryptography and he had nicely understood them. At the end of the day we both are happy :) . Now, it's time to play with some tools.
"OK, here's my SLTnet prepaid account which I have been using before getting this mobile broadband package. You can see their web site doesn't support SSL enabled login. I don't use this account anymore."
"Yes machan, what are you gonna do?"
"I'm turning on the network protocol analyzer, and entering shaakunthala as username, 123456 as the password coz I don't remember my password."
"OK, show me how to get the password."
"Viola! Here it is, 123456!!"
"Yes, then you say, it's not possible when SSL is enabled?"
"Not actually, but it is not possible to sniff the passwords using regular methods when using SSL"
"OK, show me practically" "Here's Gmail -- close your eyes ;) I'm entering my real username and R-E-A-L password!"
"Are you crazy!? What if I see your password?"
"You won't. Try it yourself."
My friend, tired spending few minutes struggling with the protocol analyzer logs,..
"OK men.. I give up.. you win... and thank you for your time"
"That's okey dude! :) "
* Characters: Me and one of my best friends -- At University of Colombo School of Computing open canteen a.k.a. Bhawana (බවන). ;)
* Kuppi (කුප්පි): A Sinhala word for vial. But, in university students' subculture, a Kuppi is the act of a student helping his own colleague(s) who haven't been able to understand the lectures completely or partially.
"Yh, what sort of?"
"A Kuppi. Can you prove how SSL is gonna be secure?"
I explaind him the theories of public key cryptography and he had nicely understood them. At the end of the day we both are happy :) . Now, it's time to play with some tools.
"OK, here's my SLTnet prepaid account which I have been using before getting this mobile broadband package. You can see their web site doesn't support SSL enabled login. I don't use this account anymore."
"Yes machan, what are you gonna do?"
"I'm turning on the network protocol analyzer, and entering shaakunthala as username, 123456 as the password coz I don't remember my password."
"OK, show me how to get the password."
"Viola! Here it is, 123456!!"
"Yes, then you say, it's not possible when SSL is enabled?"
"Not actually, but it is not possible to sniff the passwords using regular methods when using SSL"
"OK, show me practically" "Here's Gmail -- close your eyes ;) I'm entering my real username and R-E-A-L password!"
"Are you crazy!? What if I see your password?"
"You won't. Try it yourself."
My friend, tired spending few minutes struggling with the protocol analyzer logs,..
"OK men.. I give up.. you win... and thank you for your time"
"That's okey dude! :) "
***
* Characters: Me and one of my best friends -- At University of Colombo School of Computing open canteen a.k.a. Bhawana (බවන). ;)
* Kuppi (කුප්පි): A Sinhala word for vial. But, in university students' subculture, a Kuppi is the act of a student helping his own colleague(s) who haven't been able to understand the lectures completely or partially.
Comments (2)
April 25, 2009 at 1:50 AM
hahah..nice Kuppiya..lol
April 26, 2009 at 7:53 PM
අපිටත් කුප්පි දෙන්න බැරිද? :)
Post a Comment