{"id":479124,"date":"2023-08-09T10:01:33","date_gmt":"2023-08-09T10:01:33","guid":{"rendered":""},"modified":"2023-09-05T11:18:13","modified_gmt":"2023-09-05T11:18:13","slug":"ssl-stripping-attack","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/tr\/wiki\/ssl-stripping-attack\/","title":{"rendered":"SSL s\u0131y\u0131rma sald\u0131r\u0131s\u0131"},"content":{"rendered":"

SSL s\u0131y\u0131rma sald\u0131r\u0131s\u0131, bir sald\u0131rgan\u0131n kurban\u0131n ba\u011flant\u0131lar\u0131n\u0131n d\u00fczeyini HTTPS'den HTTP'ye d\u00fc\u015f\u00fcrd\u00fc\u011f\u00fc bir g\u00fcvenlik ihlali anlam\u0131na gelir. Sald\u0131rgan bunu yaparak, kurban\u0131n g\u00fcvenli oldu\u011funa inand\u0131\u011f\u0131 verileri ele ge\u00e7irebilir, okuyabilir veya de\u011fi\u015ftirebilir. Bu, kullan\u0131c\u0131n\u0131n bilgilerinin tehlikeye at\u0131ld\u0131\u011f\u0131n\u0131 bilmeden ger\u00e7ekle\u015fir.<\/p>\n

SSL Soyma Sald\u0131r\u0131s\u0131n\u0131n K\u00f6keninin Tarihi<\/h2>\n

"SSL s\u0131y\u0131rma" terimi ilk olarak 2009 y\u0131l\u0131nda Black Hat Brifingleri konferans\u0131nda Moxie Marlinspike adl\u0131 bir g\u00fcvenlik ara\u015ft\u0131rmac\u0131s\u0131 taraf\u0131ndan ortaya at\u0131ld\u0131. Marlinspike, g\u00fcvenli HTTPS ba\u011flant\u0131lar\u0131n\u0131 tehlikeye atmak i\u00e7in sald\u0131r\u0131n\u0131n nas\u0131l ger\u00e7ekle\u015ftirilebilece\u011fini g\u00f6sterdi. SSL s\u0131y\u0131rma, SSL\/TLS protokollerinin uygulanmas\u0131ndaki zay\u0131fl\u0131klardan yararlanan daha geni\u015f bir sald\u0131r\u0131 kategorisinin par\u00e7as\u0131d\u0131r.<\/p>\n

SSL S\u0131y\u0131rma Sald\u0131r\u0131s\u0131 Hakk\u0131nda Detayl\u0131 Bilgi<\/h2>\n

SSL ve \u00d6nemi<\/h3>\n

SSL (G\u00fcvenli Yuva Katman\u0131), a\u011f ileti\u015fimini g\u00fcvence alt\u0131na almak i\u00e7in genellikle web taray\u0131c\u0131lar\u0131nda HTTPS olarak uygulanan standart bir protokold\u00fcr. Kullan\u0131c\u0131n\u0131n taray\u0131c\u0131s\u0131 ile sunucu aras\u0131ndaki verileri \u015fifreleyerek gizlili\u011fi ve veri b\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc sa\u011flar.<\/p>\n

SSL S\u0131y\u0131rma Sald\u0131r\u0131s\u0131 Nas\u0131l Ger\u00e7ekle\u015ftirilir?<\/h3>\n

SSL s\u0131y\u0131rma sald\u0131r\u0131s\u0131, klasik Ortadaki Adam (MITM) sald\u0131r\u0131 \u00e7er\u00e7evesi i\u00e7inde ger\u00e7ekle\u015fir. Sald\u0131rgan, bir ba\u011flant\u0131y\u0131 HTTPS'den HTTP'ye d\u00fc\u015f\u00fcrerek, taraflardan herhangi birinin fark\u0131na varmadan verileri okuyabilir veya de\u011fi\u015ftirebilir. Bu sald\u0131r\u0131 genellikle halka a\u00e7\u0131k Wi-Fi a\u011flar\u0131n\u0131 ve sald\u0131rgan\u0131n trafi\u011fi kolayca engelleyebilece\u011fi di\u011fer ortamlar\u0131 hedef al\u0131r.<\/p>\n

SSL S\u0131y\u0131rma Sald\u0131r\u0131s\u0131n\u0131n \u0130\u00e7 Yap\u0131s\u0131<\/h2>\n
    \n
  1. Sald\u0131rgan\u0131n Pozisyonu:<\/strong> Sald\u0131rgan\u0131n, genellikle ayn\u0131 a\u011fda bulunarak veya ARP sahtekarl\u0131\u011f\u0131 gibi teknikler kullanarak trafi\u011fi engelleyecek bir konumda olmas\u0131 gerekir.<\/li>\n
  2. HTTP'ye ge\u00e7i\u015f:<\/strong> Sald\u0131rgan, g\u00fcvenli HTTPS ba\u011flant\u0131lar\u0131n\u0131 de\u011fi\u015ftirir ve bunlar\u0131 HTTP ba\u011flant\u0131lar\u0131yla de\u011fi\u015ftirir.<\/li>\n
  3. Verilerin Ele Ge\u00e7irilmesi:<\/strong> HTTP yoluyla g\u00f6nderilen t\u00fcm bilgiler sald\u0131rgan taraf\u0131ndan okunabilir ve bazen de\u011fi\u015ftirilebilir.<\/li>\n
  4. Yeniden \u015fifreleme (iste\u011fe ba\u011fl\u0131):<\/strong> Baz\u0131 geli\u015fmi\u015f sald\u0131r\u0131larda sald\u0131rgan, verileri ama\u00e7lanan sunucuya g\u00f6ndermeden \u00f6nce yeniden \u015fifreleyebilir.<\/li>\n<\/ol>\n

    SSL S\u0131y\u0131rma Sald\u0131r\u0131s\u0131n\u0131n Temel \u00d6zelliklerinin Analizi<\/h2>\n