MITM aka Man in the Middle

Even though I am not a man, I do not mind sitting in the middle. Nor, it seems, do my neighbours mind me being there. I am amazed how many people will click OK or whatever Internet Explorer throws up when an "insecure" certificate is thrown at them. My Certificate is crap, all that is valid is the date. Yet the logs are filling up with passwords for all sorts of things.

The Program

I am using "mitm-ssl" as presented here: http://gswp.prisma-mampu.gov.my/archiveTools.do?catId=111&sortId=Alphabet

Apart from a tendency to segfault, this works quite well. It is a shame that it does not generate certificates on the fly though, like Cain does.

What does not work is Microsoft's Messenger. This does not do a one-off authentication, and does not like my certificate at all. It doesn't show any prompts to ask the user to accept the certificate, it just doesn't connect. However, what it does do is call home to ask Bill if there's a new certificate list, and I think there might be an opening here. After all, I ownz the DNS, so I could serve my own certificate revocation list thingy, and let that be silently installed. Still working on this, though.