Monday, October 8, 2012

Attacking XMPP connections

XMPP is a well-known protocol used for real-time chat. Many companies use it, but you already know Facebook and Google because they are the biggest ones.

This protocol has been around for many years, but it seems that only lately (or I was not aware of it) some people have started coding tools to perform MITM attacks.

A few weeks ago I came across this nice tool called XMPPloit, which is written specifically for Google Talk, even though it is not platform specific. Its main purpose is to proxy the connection between the user and the legitimate server (once we have already performed the MITM, e.g. via DNS poisoning) and force the use of a non-encrypted channel, with the option to also force plain-text authentication.

Below you can find a nice demonstration on YouTube:

Last week I also came across a similar tool called xmppmitm (via /r/netsec), but there is not a lot of information about it and I have not tested it yet.
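The downgrade described above (encryption stripped, plain-text authentication forced) only succeeds against a client that agrees to authenticate on a cleartext stream. The following added example, which is not part of the original post or of either tool, shows the client-side policy that refuses it; the function names and sample stanzas are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"

# Constructed sample stanzas (not captured traffic).
FEATURES_HONEST = (
    f'<stream:features xmlns:stream="{NS_STREAM}">'
    f'<starttls xmlns="{NS_TLS}"><required/></starttls></stream:features>')
FEATURES_STRIPPED = (  # what a downgrading proxy presents: no starttls, PLAIN only
    f'<stream:features xmlns:stream="{NS_STREAM}"><mechanisms xmlns="{NS_SASL}">'
    f'<mechanism>PLAIN</mechanism></mechanisms></stream:features>')
FEATURES_AFTER_TLS = (
    f'<stream:features xmlns:stream="{NS_STREAM}"><mechanisms xmlns="{NS_SASL}">'
    f'<mechanism>SCRAM-SHA-1</mechanism><mechanism>PLAIN</mechanism>'
    f'</mechanisms></stream:features>')


def next_step(features_xml, tls_active):
    """Decide what a strict client does with one <stream:features/> stanza."""
    root = ET.fromstring(features_xml)
    if root.tag != f"{{{NS_STREAM}}}features":
        return ("abort", "unexpected element instead of stream:features")
    offers_tls = root.find(f"{{{NS_TLS}}}starttls") is not None
    mechs = [m.text.strip() for m in root.iter(f"{{{NS_SASL}}}mechanism") if m.text]
    if not tls_active:
        # Never authenticate on a cleartext stream, whatever the peer offers.
        if offers_tls:
            return ("starttls", "upgrade before sending any credentials")
        return ("abort", "STARTTLS missing on cleartext stream: " + ",".join(mechs))
    if not mechs:
        return ("abort", "no SASL mechanisms offered")
    # Prefer any non-PLAIN mechanism offered; PLAIN only inside TLS, as last resort.
    preferred = [m for m in mechs if m != "PLAIN"] or mechs
    return ("authenticate", preferred[0])


def on_starttls_reply(reply_xml):
    """Only <proceed/> continues; a <failure/> must not cause cleartext fallback."""
    tag = ET.fromstring(reply_xml).tag
    return "tls-handshake" if tag == f"{{{NS_TLS}}}proceed" else "abort"
```

The TLS handshake that follows `<proceed/>` still has to validate the server certificate against the XMPP domain; otherwise a proxy can simply terminate TLS itself.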
