MITM Attack Capture Shared Through CloudShark

Years ago, an apparent Man-In-The-Middle (MITM) attack on the popular code-sharing site github.com occurred. It appeared to originate from China and hit users trying to traverse the “Great Firewall”. The timing was strange, as there had been many news stories not even two days earlier about China blocking and then unblocking access to GitHub.

Whatever the reason, one of the targets of the attack was able to record a packet trace of it and uploaded it to our free cloudshark.org site. You can see the original capture here.

Realizing how great an example this was of how CloudShark’s “Packet Surfing” technology lets people share detailed information about capture files quickly and easily, we re-uploaded the same trace file and added an annotation showing where the attack happens and why. Try it for yourself here:

https://www.cloudshark.org/captures/670312cdfa1b

As you can see, a self-signed certificate was presented during the SSL session to github.com. Because no CA the client trusts vouches for such a certificate, the client has no way to tell the real server from an impostor sitting in the path. This is usually only a problem for the unwary: browsers refuse an untrusted certificate by default and show a warning the user has to click through, and command-line clients such as git and curl fail the connection outright unless certificate verification has been switched off.
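As an added example (not part of the original post, and not code from CloudShark or taken from the shared capture), here is a standard-library-only Python check for the tell the annotation points at: a certificate whose issuer equals its subject. The two certificates it examines are constructed inside the file with placeholder keys and signature bits, and the CA name "Example Root CA" is made up; the parsing half is what you would point at the real DER bytes of a captured Certificate message.

```python
"""Flag a self-issued X.509 certificate (issuer == subject) in DER form.

This is the check to run on the certificate carried in the Certificate
message of a captured TLS handshake. Standard library only. The two sample
certificates are constructed in this file (placeholder key and signature)
and are not taken from the CloudShark capture.
"""

# ---- minimal DER encoder, used only to build the constructed samples ----

def der(tag: int, content: bytes) -> bytes:
    """Encode one TLV with a definite-length header (short or long form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def seq(*items: bytes) -> bytes:
    return der(0x30, b"".join(items))


OID_CN = b"\x55\x04\x03"                                  # id-at-commonName 2.5.4.3
ALG_SHA256_RSA = seq(der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"), der(0x05, b""))
ALG_RSA = seq(der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01"), der(0x05, b""))


def name(cn: str) -> bytes:
    """Name ::= SEQUENCE OF SET OF AttributeTypeAndValue, here a single CN."""
    attr = seq(der(0x06, OID_CN), der(0x0C, cn.encode()))   # UTF8String value
    return seq(der(0x31, attr))


def certificate(issuer_cn: str, subject_cn: str) -> bytes:
    """Structurally valid Certificate with placeholder key and signature bits."""
    placeholder_bits = der(0x03, b"\x00" * 17)                # BIT STRING, 0 unused bits
    tbs = seq(
        der(0xA0, der(0x02, b"\x02")),                        # [0] EXPLICIT version v3
        der(0x02, b"\x01"),                                   # serialNumber
        ALG_SHA256_RSA,                                       # signature
        name(issuer_cn),                                      # issuer
        seq(der(0x17, b"240101000000Z"), der(0x17, b"250101000000Z")),  # validity
        name(subject_cn),                                     # subject
        seq(ALG_RSA, placeholder_bits),                       # subjectPublicKeyInfo
    )
    return seq(tbs, ALG_SHA256_RSA, placeholder_bits)


# ---- DER walker, the part you would point at a real certificate ----

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the element at pos; definite lengths only."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def children(content: bytes):
    """Yield (tag, value) for each element directly inside a constructed value."""
    pos = 0
    while pos < len(content):
        tag, value, pos = read_tlv(content, pos)
        yield tag, value


def issuer_and_subject(cert_der: bytes):
    """Return the raw DER issuer and subject Names from a Certificate."""
    _, cert, _ = read_tlv(cert_der, 0)            # Certificate SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)                 # tbsCertificate SEQUENCE
    fields = list(children(tbs))
    if fields[0][0] == 0xA0:                      # optional [0] version comes first
        fields = fields[1:]
    # fields now: serialNumber, signature, issuer, validity, subject, ...
    return fields[2][1], fields[4][1]


def common_name(name_der: bytes) -> str:
    """First commonName inside a DER Name, for display."""
    for _, rdn in children(name_der):
        for _, attr in children(rdn):
            (_, oid), (_, value) = children(attr)
            if oid == OID_CN:
                return value.decode()
    return ""


def is_self_issued(cert_der: bytes) -> bool:
    """True when issuer and subject are byte-identical.

    This is the cheap capture-side tell for a self-signed leaf. It is not
    proof: a true self-signed check verifies signatureValue against the
    certificate's own public key, which needs a crypto library.
    """
    issuer, subject = issuer_and_subject(cert_der)
    return issuer == subject


# Constructed samples: an impostor-style leaf and a CA-issued leaf (CA name is made up).
SELF_SIGNED = certificate("github.com", "github.com")
CA_ISSUED = certificate("Example Root CA", "github.com")

if __name__ == "__main__":
    for label, cert in (("self-signed", SELF_SIGNED), ("CA-issued", CA_ISSUED)):
        issuer, subject = issuer_and_subject(cert)
        print(f"{label}: issuer={common_name(issuer)!r} subject={common_name(subject)!r} "
              f"self_issued={is_self_issued(cert)}")
```

To run it against a real capture, select the certificate field inside the Certificate handshake message in Wireshark, use Export Packet Bytes to save the DER, and feed those bytes to `is_self_issued`. Note the distinction RFC 5280 draws: issuer equal to subject makes a certificate self-issued, and the capture alone shows that much; self-signed additionally means the signature verifies under the certificate's own key, which this structural walk does not check.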

We linked to an example of a clean SSL conversation in the annotation. Check it out!
