SSL Eye: Check if you are the victim of a Man in the Middle attack
It can be quite difficult to determine whether you are the victim of a Man in the Middle attack.
Eavesdropping is a common Man in the Middle attack type in which communication between two parties is relayed through a third party so that the data transferred between them can be recorded.
SSL Eye is a free software program for Windows that provides you with a set of tools that help you determine whether you are the victim of a Man in the Middle attack.
The main idea behind the program is to use independent servers to query websites you are communicating with to determine their SSL fingerprint and compare it against the SSL fingerprint that your computer gets when you run the same query.
The program has two main modes of operation. You may query a single website at any time to get its SSL fingerprint and a few other details, or use the bulk queue tool to check multiple websites instead.
To check a single site, simply type its address into the form at the top. Note that this works only on HTTPS sites, not HTTP sites.
Once you have entered the address, hit the run button to start the scan. SSL Eye queries servers in several countries including Germany, the UK and the US, and displays host IP and SSL fingerprint results afterwards.
All that is left to do is check the fingerprints against the local fingerprint. If you got at least one match, you are not the victim of a Man in the Middle attack.
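The comparison described above, as an added example that is not SSL Eye's own code: it fingerprints the certificate this machine is served and checks it against fingerprints reported by independent vantage points, normalising the different notations fingerprints are usually printed in. The function names, the vantage names and the choice of SHA-256 are assumptions (the article does not say which hash SSL Eye uses), and the sample certificates are constructed placeholder bytes.

```python
import hashlib
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def normalise(fp: str) -> str:
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex so notations compare equal."""
    return fp.replace(":", "").replace(" ", "").strip().lower()


def local_fingerprint(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Fingerprint of the leaf certificate this machine is actually served.
    Validation is off so an interceptor's certificate is still retrieved."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return fingerprint(tls.getpeercert(binary_form=True))


def compare(local_fp: str, vantage_fps: dict) -> dict:
    """vantage_fps maps vantage name -> fingerprint, or None if it failed."""
    local_fp = normalise(local_fp)
    answered = {k: normalise(v) for k, v in vantage_fps.items() if v}
    matches = sorted(k for k, v in answered.items() if v == local_fp)
    if not answered:
        verdict = "inconclusive"   # nothing to compare against
    elif matches:
        verdict = "match"          # at least one vantage saw the same cert
    else:
        verdict = "mismatch"       # interception, or a multi-certificate site
    return {"verdict": verdict, "matches": matches,
            "distinct_remote": len(set(answered.values()))}


# Constructed sample data: placeholder bytes standing in for DER certificates.
SITE_CERT = b"constructed-der-certificate-A"
OTHER_CERT = b"constructed-der-certificate-B"
SAMPLE_VANTAGES = {
    "vantage-1": fingerprint(SITE_CERT).upper(),
    "vantage-2": ":".join(f"{b:02X}" for b in hashlib.sha256(SITE_CERT).digest()),
    "vantage-3": None,  # query failed
}
```

A `distinct_remote` value above 1 means the vantage points disagree among themselves, which is what a site serving several certificates looks like and why a lone mismatch needs a second look before it is read as interception.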
The program also checks for Perfect Forward Secrecy and some other values. Perfect Forward Secrecy is indicated with a green checkmark; the other values (connection encryption, key exchange, message authentication and issued by) are listed when you select a server from the listing.
The multiple websites query tool works the same way but allows you to load addresses in bulk instead. Just click load, select the predefined websites or a custom listing and hit scan afterwards.
The program scans all sites and displays the same information that it displays when you query a single site.
The application comes with two keyboard shortcuts to scan addresses selected in other programs. Copy a single address to the clipboard and hit Ctrl-Shift-S to have it scanned by the program. While you don't get to see the scan itself, you will receive a small overlay that tells you if your connection to that site is secure.
SSL Eye is a handy program for Windows as it provides you with a tool to check secure connections against Man in the Middle attacks. While it is not automated, it may be useful at times when you want to make sure the connection is secure.
I used to use HTTPS Fingerprints on Steve Gibson’s GRC site for something like this. This SSL Eye looks interesting. I’m going to check it out. Thanks, Martin!
On some: “mail.google.com” and “youtube.com” I am getting a red exclamation point (& different SSL fingerprint) under “Your Local ISP”.
Does that mean that my ISP is the “Man in the Middle” attack?
No, not necessarily. Large companies make use of lots of servers and certificates which means that the tool won’t be able to check them all to display all fingerprints. Check out this page for additional information (what can go wrong): https://www.grc.com/fingerprints.htm
Wow… kinda useless tool.
Not really. While it may not work at all times on very popular sites, it will work on regional sites such as banking sites for example.
Well; apart from the possibility that Google and such websites may not quite be the most trustworthy sorts available, of course! ;)
Want to try, but it crashed my computer completely. No BSOD, just black screen. Does anyone have the same problem?
It may be that everyone knows, but it would be a good idea to explain that a Man in the Middle attack usually (always?) comes about through using an unencrypted Wi-Fi wireless access point. That an “attacker” can easily get around 2WAY authentication and compromise a connection between two parties who think they are directly communicating with each other.
“… help you determine whether your the victim…”
“… help you determine whether you’re the victim…”
Not true. Look at that recent Lenovo superfish spyware.
Hi, when I use this programme it worked fine till a few days ago.
When I do a scan now it doesn't scan the servers USA, UK 2, Netherlands, and my local ISP stays blank. Any suggestions of what could be wrong here?
It does it at every website I enter.