E-Detective HTTPS/SSL Interception

1
E-Detective HTTPS/SSL Interception MITM
Proxy

• Decision Group
• www.edecision4u.com

2
Introduction to HTTPS/SSL Interception
HTTPS/SSL Interception Appliance (Software
Hardware) User can opt to purchase only software
from us and use their own hardware/server.

• Intercept HTTPS/SSL traffic (connection sessions)
  by MITM attack or by Proxy setup.
• HTTPS/SSL Interception by MITM mode is carried
  out utilizing both DNS and ARP attacks.
• HTTPS web pages on targeted user can be
  decrypted, decoded and reconstructed. Username
  and password can also be obtained for Web Login.
• Apply to standard HTTPS/SSL traffic without
  additional security.
• HTTPS/SSL Interception by Proxy mode required the
  target users Web Browser to be pre-configured to
  use the Proxy service.

Solution for Lawful Enforcement Agencies (Police
Intelligence, Military Intelligence, National
Security, Counter Terrorism, etc) and corporate
organizations.
3
HTTPS/SSL Interception By MITM Attack
Intercept and reconstruct HTTPS/SSL traffic.
Obtain HTTPS page login username and password.
Intercept on specific targets (suspects)
4
HTTPS/SSL Interception By MITM Attack

• HTTPS/SSL Interception by MITM mode is carried
  out utilizing both DNS and ARP attacks.
• HTTPS web pages on targeted user can be
  decrypted, decoded and reconstructed. Username
  and password can also be obtained for Web Login.
• Target User (Suspect) IP Address must be known or
  pre-configured in the setup of HTTPS/SSL
  Interception system.
• Target Website Links (URLs) must also be
  pre-configured.
• Concurrently attack up to 5 users (Optional for
  more users).
• Apply to standard HTTPS/SSL traffic without
  additional security.

To view encrypted content, a key is a needed
5
HTTPS/SSL Interception By Proxy Method
6
HTTPS/SSL Interception By Proxy Method

• HTTPS/SSL Interception by Proxy implementation.
• Proxy pre-configured on the targeted user(s)
  Web Browser is required.
• HTTPS/SSL Interception by Proxy implementation
  can supports other protocols capturing and
  reconstruction besides HTTPS/SSL traffic.
• Some supported protocols are Webmail (Yahoo
  Mail, Gmail, Hotmail etc.), IM (Yahoo, MSN, ICQ,
  IRC, QQ, Web MSN, Web Yahoo etc.), HTTP Web
  Browsing, P2P and Online Games).
• Can be implemented to a group of users (more than
  100 concurrent interception)
• HTTPS/SSL decryption only apply to standard
  HTTPS/SSL traffic without additional security.

To view encrypted content, a key is a needed
7
HTTPS/SSL Interception Proxy Implementation
Protocols Supported
8
Sample Webmail (Read and Sent)
9
Sample IM (Yahoo, MSN, ICQ etc.)
10
Sample HTTP Link and HTTP Content
11
References Implementation Sites and Customers

• Criminal Investigation Bureau
• The Bureau of Investigation Ministry of Justice
• National Security Agency (Bureau) in various
  countries
• Intelligence Agency in various countries
• Ministry of Defense in various countries
• Counter/Anti Terrorism Department
• National Police, Royal Police in various
  countries
• Government Ministries in various countries
• Federal Investigation Bureau in various countries
• Telco/Internet Service Provider in various
  countries
• Banking and Finance organizations in various
  countries
• Others
• Notes Due to confidentiality of this
  information, the exact name and countries of the
  various organizations cannot be revealed.

12
Thank You !
Decision Group For more information about
HTTPS/SSL Interception system, please contact
decision_at_decision.com.tw. Product demonstrations
can be arranged.