SSL Eye: Check if you are the victim of a Man in the Middle attack - gHacks Tech News

SSL Eye: Check if you are the victim of a Man in the Middle attack

It can be quite difficult to determine whether you are the victim of a Man in the Middle attack.

Eavesdropping is a common Man in the Middle attack type in which communication between two parties is relayed to record the data that is transferred between both parties.

SSL Eye is a free software program for Windows that provides you with a set of tools that help you determine whether you are the victim of a Man in the Middle attack.

The main idea behind the program is to use independent servers to query websites you are communicating with to determine their SSL fingerprint and compare it against the SSL fingerprint that your computer gets when you run the same query.

ssl eye

The program has two main modes of operation. You may query a single website at any time to get SSL fingerprint information and a couple of other information, or use the bulk queue tool to check multiple websites instead.

To check a single site, simply type its address into the form at the top. It needs to be noted that this works only on https sites and not http sites.

Once you have entered the address hit the run button to start the scan. SSL Eye queries servers in several countries including Germany, the UK and US, and displays host IP and SSL fingerprint results afterwards.

All that is left to do is check the fingerprints against the local fingerprint. If you got at least one match, you are not the victim of a Man in the Middle attack.

The program checks for perfect forward secrecy as well and some other values. Perfect Forward Secrecy is indicated with a green checkmark, the other values, connection encryption, key exchange, message authentication and issued by are listed when you select a server from the listing.

The multiple websites query tool works the same but allows you to load addresses in bulk instead. Just click load, select the predefined websites or a custom listing and hit scan afterwards.

check websites

The program scans all sites and displays the same information that it displays when you query a single site.

The application comes with two keyboard shortcuts to scan addresses selected in other programs. Copy a single address to the clipboard and hit Ctrl-Shift-S to have it scanned by the program. While you don't get to see the scan itself, you will receive a small overlay that tells you if your connection to that site is secure.

Closing Words

SSL Eye is a handy program for Windows as it provides you with a tool to check secure connections against Man in the Middle attacks. While it is not automated, it may be useful at times when you want to make sure the connection is secure.

Summary
software image
Author Rating
1star1star1star1star1star
no rating based on 0 votes
Software Name
SSL Eye
Operating System
Windows
Landing Page

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Hy said on August 6, 2015 at 11:41 pm
    Reply

    I used to use HTTPS Fingerprints on Steve Gibson’s GRC site for something like this. This SSL Eye looks interesting. I’m going to check it out. Thanks, Martin!

  2. Jay said on August 6, 2015 at 11:42 pm
    Reply

    On some: “mail.google.com” and “youtube.com” I am getting a red exclamation point (& different SSL fingerprint) under “Your Local ISP”.
    Does that mean that my ISP is the “Man in the Middle” attack?

    1. Martin Brinkmann said on August 7, 2015 at 7:26 am
      Reply

      No, not necessarily. Large companies make use of lots of servers and certificates which means that the tool won’t be able to check them all to display all fingerprints. Check out this page for additional information (what can go wrong): https://www.grc.com/fingerprints.htm

      1. Anonymous said on August 7, 2015 at 3:35 pm
        Reply

        Wow… kinda useless tool.

      2. Martin Brinkmann said on August 7, 2015 at 3:49 pm
        Reply

        Not really. While it may not work at all times on very popular sites, it will work on regional sites such as banking sites for example.

      3. Anonymous said on August 27, 2015 at 10:50 am
        Reply

        Well; apart from the possibility that Google and such websites may not quite be the most trustworthy sorts available, of course! ;)

  3. Kagalu said on August 7, 2015 at 12:09 pm
    Reply

    Want to try, but it crashed my computer completely. No BSOD, just black screen. Does anyone have same problem?

  4. Annom said on August 8, 2015 at 8:26 am
    Reply

    It may be that everyone knows, but it would be a good idea to explain that a Man in the Middle attack usually (always?) comes about through using an unencrypted Wi-Fi wireless access point. That an “attacker” can easily get around around 2WAY authentication and compromise a connection between two parties who think they are directly communicating with each other..

    Also,
    “… help you determine whether your the victim…”
    should be
    “… help you determine whether you’re the victim…”

    1. Jake said on August 13, 2015 at 2:59 am
      Reply

      Not true. Look at that recent Lenovo superfish spyware.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.