Simple working example of a Man-in-the-Middle attack


I'm trying to research and patch a TLS renegotiation exploit which makes a website vulnerable to Man-in-the-Middle attacks. However, I don't understand how the attack occurs exactly and feel like a simple working example would help.

How does an attacker append data to a client's request? Why doesn't the server receive it as two requests? Do both the attacker and victim need to be on the same network for this to occur?

Can someone provide a bare-minimum working example that demonstrates a Man-in-the-Middle exploit? Wget, curl, scripts, whatever.

Thanks for your help.

Best Answer

Since you specified TLS renegotiation, I assume you are referring to CVE-2009-3555. Proof of Concept code was published by RedTeam Pentesting and is available from their site:

Additionally, there are YouTube videos demonstrating its use.