{"id":479124,"date":"2023-08-09T10:01:33","date_gmt":"2023-08-09T10:01:33","guid":{"rendered":""},"modified":"2023-09-05T11:18:13","modified_gmt":"2023-09-05T11:18:13","slug":"ssl-stripping-attack","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/vn\/wiki\/ssl-stripping-attack\/","title":{"rendered":"T\u1ea5n c\u00f4ng t\u01b0\u1edbc SSL"},"content":{"rendered":"

Cu\u1ed9c t\u1ea5n c\u00f4ng t\u01b0\u1edbc b\u1ecf SSL \u0111\u1ec1 c\u1eadp \u0111\u1ebfn m\u1ed9t h\u00e0nh vi vi ph\u1ea1m b\u1ea3o m\u1eadt trong \u0111\u00f3 k\u1ebb t\u1ea5n c\u00f4ng h\u1ea1 c\u1ea5p k\u1ebft n\u1ed1i c\u1ee7a n\u1ea1n nh\u00e2n t\u1eeb HTTPS xu\u1ed1ng HTTP. B\u1eb1ng c\u00e1ch \u0111\u00f3, k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 ch\u1eb7n, \u0111\u1ecdc ho\u1eb7c s\u1eeda \u0111\u1ed5i d\u1eef li\u1ec7u m\u00e0 n\u1ea1n nh\u00e2n cho l\u00e0 an to\u00e0n. \u0110i\u1ec1u n\u00e0y x\u1ea3y ra m\u00e0 ng\u01b0\u1eddi d\u00f9ng kh\u00f4ng bi\u1ebft r\u1eb1ng th\u00f4ng tin c\u1ee7a h\u1ecd \u0111ang b\u1ecb x\u00e2m ph\u1ea1m.<\/p>\n

L\u1ecbch s\u1eed ngu\u1ed3n g\u1ed1c c\u1ee7a cu\u1ed9c t\u1ea5n c\u00f4ng t\u01b0\u1edbc SSL<\/h2>\n

Thu\u1eadt ng\u1eef \u201ct\u01b0\u1edbc SSL\u201d l\u1ea7n \u0111\u1ea7u ti\u00ean \u0111\u01b0\u1ee3c \u0111\u1eb7t ra b\u1edfi m\u1ed9t nh\u00e0 nghi\u00ean c\u1ee9u b\u1ea3o m\u1eadt t\u00ean l\u00e0 Moxie Marlinspike t\u1ea1i h\u1ed9i ngh\u1ecb Black Hat Briefings n\u0103m 2009. Marlinspike \u0111\u00e3 ch\u1ee9ng minh c\u00e1ch th\u1ef1c hi\u1ec7n cu\u1ed9c t\u1ea5n c\u00f4ng \u0111\u1ec3 x\u00e2m ph\u1ea1m c\u00e1c k\u1ebft n\u1ed1i HTTPS an to\u00e0n. T\u01b0\u1edbc SSL l\u00e0 m\u1ed9t ph\u1ea7n c\u1ee7a danh m\u1ee5c t\u1ea5n c\u00f4ng r\u1ed9ng h\u01a1n nh\u1eb1m l\u1ee3i d\u1ee5ng \u0111i\u1ec3m y\u1ebfu trong vi\u1ec7c tri\u1ec3n khai giao th\u1ee9c SSL\/TLS.<\/p>\n

Th\u00f4ng tin chi ti\u1ebft v\u1ec1 cu\u1ed9c t\u1ea5n c\u00f4ng t\u01b0\u1edbc SSL<\/h2>\n

SSL v\u00e0 t\u1ea7m quan tr\u1ecdng c\u1ee7a n\u00f3<\/h3>\n

SSL (L\u1edbp c\u1ed5ng b\u1ea3o m\u1eadt) l\u00e0 giao th\u1ee9c chu\u1ea9n \u0111\u1ec3 b\u1ea3o m\u1eadt li\u00ean l\u1ea1c m\u1ea1ng, th\u01b0\u1eddng \u0111\u01b0\u1ee3c tri\u1ec3n khai d\u01b0\u1edbi d\u1ea1ng HTTPS trong tr\u00ecnh duy\u1ec7t web. N\u00f3 m\u00e3 h\u00f3a d\u1eef li\u1ec7u gi\u1eefa tr\u00ecnh duy\u1ec7t c\u1ee7a ng\u01b0\u1eddi d\u00f9ng v\u00e0 m\u00e1y ch\u1ee7, \u0111\u1ea3m b\u1ea3o quy\u1ec1n ri\u00eang t\u01b0 v\u00e0 to\u00e0n v\u1eb9n d\u1eef li\u1ec7u.<\/p>\n

C\u00e1ch ti\u1ebfn h\u00e0nh cu\u1ed9c t\u1ea5n c\u00f4ng t\u01b0\u1edbc SSL<\/h3>\n

Cu\u1ed9c t\u1ea5n c\u00f4ng t\u01b0\u1edbc SSL di\u1ec5n ra trong khu\u00f4n kh\u1ed5 t\u1ea5n c\u00f4ng Man-in-the-Middle (MITM) c\u1ed5 \u0111i\u1ec3n. B\u1eb1ng c\u00e1ch h\u1ea1 c\u1ea5p k\u1ebft n\u1ed1i t\u1eeb HTTPS xu\u1ed1ng HTTP, k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 \u0111\u1ecdc ho\u1eb7c s\u1eeda \u0111\u1ed5i d\u1eef li\u1ec7u m\u00e0 kh\u00f4ng b\u00ean n\u00e0o nh\u1eadn ra. Cu\u1ed9c t\u1ea5n c\u00f4ng n\u00e0y th\u01b0\u1eddng nh\u1eafm v\u00e0o c\u00e1c m\u1ea1ng Wi-Fi c\u00f4ng c\u1ed9ng v\u00e0 c\u00e1c m\u00f4i tr\u01b0\u1eddng kh\u00e1c n\u01a1i k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 ch\u1eb7n l\u01b0u l\u01b0\u1ee3ng truy c\u1eadp m\u1ed9t c\u00e1ch d\u1ec5 d\u00e0ng.<\/p>\n

C\u1ea5u tr\u00fac b\u00ean trong c\u1ee7a cu\u1ed9c t\u1ea5n c\u00f4ng t\u01b0\u1edbc SSL<\/h2>\n
    \n
  1. V\u1ecb tr\u00ed c\u1ee7a k\u1ebb t\u1ea5n c\u00f4ng:<\/strong> K\u1ebb t\u1ea5n c\u00f4ng c\u1ea7n ph\u1ea3i c\u00f3 kh\u1ea3 n\u0103ng ch\u1eb7n l\u01b0u l\u01b0\u1ee3ng truy c\u1eadp, th\u01b0\u1eddng \u0111\u1ea1t \u0111\u01b0\u1ee3c b\u1eb1ng c\u00e1ch \u1edf tr\u00ean c\u00f9ng m\u1ed9t m\u1ea1ng ho\u1eb7c s\u1eed d\u1ee5ng c\u00e1c k\u1ef9 thu\u1eadt nh\u01b0 gi\u1ea3 m\u1ea1o ARP.<\/li>\n
  2. H\u1ea1 c\u1ea5p xu\u1ed1ng HTTP:<\/strong> K\u1ebb t\u1ea5n c\u00f4ng s\u1eeda \u0111\u1ed5i c\u00e1c li\u00ean k\u1ebft HTTPS an to\u00e0n v\u00e0 thay th\u1ebf ch\u00fang b\u1eb1ng c\u00e1c li\u00ean k\u1ebft HTTP.<\/li>\n
  3. Ch\u1eb7n d\u1eef li\u1ec7u:<\/strong> T\u1ea5t c\u1ea3 th\u00f4ng tin \u0111\u01b0\u1ee3c g\u1eedi qua HTTP \u0111\u1ec1u c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c \u0111\u1ecdc v\u00e0 \u0111\u00f4i khi \u0111\u01b0\u1ee3c s\u1eeda \u0111\u1ed5i b\u1edfi k\u1ebb t\u1ea5n c\u00f4ng.<\/li>\n
  4. M\u00e3 h\u00f3a l\u1ea1i (t\u00f9y ch\u1ecdn):<\/strong> Trong m\u1ed9t s\u1ed1 cu\u1ed9c t\u1ea5n c\u00f4ng n\u00e2ng cao, k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 m\u00e3 h\u00f3a l\u1ea1i d\u1eef li\u1ec7u tr\u01b0\u1edbc khi g\u1eedi n\u00f3 \u0111\u1ebfn m\u00e1y ch\u1ee7 d\u1ef1 \u0111\u1ecbnh.<\/li>\n<\/ol>\n

    Ph\u00e2n t\u00edch c\u00e1c t\u00ednh n\u0103ng ch\u00ednh c\u1ee7a cu\u1ed9c t\u1ea5n c\u00f4ng t\u01b0\u1edbc SSL<\/h2>\n