
What is SSL Sniffing?

SSL sniffing refers to intercepting and reading SSL/TLS-encrypted traffic by placing a man-in-the-middle (MITM) proxy between the two endpoints of a connection.

Hackers can use it to steal sensitive data from a system or network, to eavesdrop actively on private connections and communications, and to hijack them.

What are SSL Certificates?

SSL (Secure Sockets Layer) certificates are used to secure online communication and transactions with encryption. SSL creates an encrypted connection between a user's web browser and a website's web server. The certificate ensures that everything transmitted between browser and server is encrypted and decrypted in such a way that only the sender and the recipient can see it in decrypted form.

How Does an SSL Certificate Work?

SSL certificate-based encryption and decryption is a multi-step process:

  • It begins with a browser attempting to connect to an SSL-secured website.
  • The browser asks the web server to identify itself.
  • The server responds by identifying itself with a copy of its SSL certificate.
  • The browser then checks whether it trusts the SSL certificate. If it does, it sends a message to the server.
  • The server responds with a digitally signed acknowledgment to start an SSL-encrypted session.

Fully encrypted communication between the user's browser and the website's server begins from that point on.

How Does SSL/HTTPS Sniffing Happen?

SSL sniffing can be carried out in several ways.

In one approach, the MITM proxy redirects the end user to a non-HTTPS version of the site and sniffs the unencrypted traffic there, while relaying the requests to and from the real HTTPS site through the proxy.

Alternatively, the man in the middle intercepts the HTTPS traffic itself and presents the end user with an HTTPS certificate that the user's browser accepts as valid. For this to work the certificate must be trusted on the end user's machine, so either the machine has to be compromised or a certificate that the machine already trusts has to be obtained. The man in the middle then relays the traffic to the actual HTTPS site while reading the unencrypted traffic as it sits between the two.

There is a further option: capturing the encrypted traffic and recording it, in the hope that future technology will make it possible to decrypt the data.

Problems Found with SSL Sniffing

There are some basic issues associated with SSL sniffing and SSL inspection. These include:

  • SSL sniffing is far more widespread than people think or suspect.
  • Applications that perform SSL inspection sometimes have flaws that put users at increased risk.
  • Some SSL inspection software fails to validate the certificates of the systems it connects to, so clients cannot tell whether they are connected to a legitimate site or not.
  • Although SSL inspection software issues a warning when it detects an error, some products forward the client's request to the server before the warning is shown to the user. The risk is that an attacker can still view and even modify sensitive data.
  • SSL inspection software that uses the same trusted root certificate for every installation lets an attacker extract the private key from the software and sign any visited site with that universally trusted root CA certificate.
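The two trust-store situations described above (a proxy certificate the client does not trust, and one the client has been made to trust) and the "fails to validate certificates" problem in this list can be reproduced offline. The following Go program is an added example written for this page; it is not Comodo's code nor part of any product. Using only the standard library, it generates a genuine CA and server certificate plus an "interception proxy" CA and certificate for the same constructed hostname, then runs the browser-style checks. Plain chain validation rejects the proxy certificate only until the proxy's root is installed in the client trust store; a public-key pin recorded for the genuine server still catches the substitution afterwards. The hostname, CA names and all certificates are constructed in memory for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

const Host = "shop.example.test" // constructed hostname for the demo

// Scenario: genuine and proxy certificates for Host plus clean/poisoned trust stores.
type Scenario struct {
	GenuineLeaf, ProxyLeaf    *x509.Certificate
	CleanRoots, PoisonedRoots *x509.CertPool
	Pin                       string // SPKI pin recorded for the genuine server
}

// template builds a minimal CA or server certificate template for name.
func template(name string, serial int64, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if isCA {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage = x509.KeyUsageCertSign
	} else {
		t.DNSNames = []string{name}
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// newCert makes a fresh P-256 key and signs tmpl with parent/parentKey; a nil parent yields a self-signed root (demo helper, panics on failure).
func newCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// SPKIPin returns base64(SHA-256(SubjectPublicKeyInfo)), the usual pin format.
func SPKIPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// VerifyServerCert is the browser's trust check: chain to a trusted root, hostname match, server-auth usage.
func VerifyServerCert(leaf *x509.Certificate, roots *x509.CertPool, host string) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}})
	return err
}

// VerifyWithPin adds a public-key pin, which still catches a substituted certificate after an interception CA was installed on the client.
func VerifyWithPin(leaf *x509.Certificate, roots *x509.CertPool, host, pin string) error {
	if err := VerifyServerCert(leaf, roots, host); err != nil {
		return err
	}
	if got := SPKIPin(leaf); got != pin {
		return fmt.Errorf("pin mismatch for %s: presented %s, expected %s", host, got, pin)
	}
	return nil
}

// BuildScenario issues the genuine and proxy certificates for Host and the two trust stores.
func BuildScenario() *Scenario {
	genuineCA, genuineKey := newCert(template("Genuine Root CA", 1, true), nil, nil)
	genuineLeaf, _ := newCert(template(Host, 2, false), genuineCA, genuineKey)
	proxyCA, proxyKey := newCert(template("Interception Proxy CA", 3, true), nil, nil)
	proxyLeaf, _ := newCert(template(Host, 4, false), proxyCA, proxyKey)
	clean, poisoned := x509.NewCertPool(), x509.NewCertPool()
	clean.AddCert(genuineCA)
	poisoned.AddCert(genuineCA) // the poisoned client still trusts the real CA too
	poisoned.AddCert(proxyCA)
	return &Scenario{GenuineLeaf: genuineLeaf, ProxyLeaf: proxyLeaf,
		CleanRoots: clean, PoisonedRoots: poisoned, Pin: SPKIPin(genuineLeaf)}
}
```

Calling `BuildScenario()` and then `VerifyServerCert` with the clean roots reproduces the warning a browser shows on an untampered machine (an `x509.UnknownAuthorityError`); with the poisoned roots the same proxy certificate verifies cleanly, which is exactly why an inspection product that ships one shared root, or a machine where an attacker installed a root, is so dangerous. `VerifyWithPin` shows the defender's remaining signal: the pin recorded for the genuine server does not match the proxy's key. Pinning is a deliberate operational commitment (rotating keys requires backup pins), so it is normally reserved for a small set of high-value endpoints rather than applied everywhere.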

Comodo SecureBox is the best solution for SSL sniffing. It helps thwart SSL sniffing attempts by detecting malicious SSL connections and alerting the user when someone tries to intercept messages or certificates. This anti-sniffing protection applies when a hacker tries to get onto a server, sniff out SSL information and recreate the website (for phishing), inject malicious code (for hacking), steal information, and so on.

Comodo SecureBox prevents SSL sniffing by intercepting and verifying certificates against Comodo’s trusted root certificate list, and in this way it prevents Man-in-the-Middle attacks.