Years ago, an apparent Man-In-The-Middle (MITM) Attack on the popular code sharing site github.com occurred, which seemed to originate from China for users trying to traverse the “Great Firewall”. This was strange, as there had been many news stories not even two days before about China blocking and then subsequently unblocking access to github.
Realizing how great an example this was of how CloudShark’s “Packet Surfing” technology can allow people to share detailed information about capture files quickly and easily, we made a new upload of the same trace file and added an annotation showing where the attack happens, and why. Try it for yourself here!:
As you can see, a self signed certificate was presented during the SSL session to github. This is usually only a problem for the unwary, as most browsers and applications should not allow a self signed certificates by default without user acknowledgement.
We linked to an example of a clean SSL conversation in the annotation. Check it out!