SSL Eye : How to know if you are the victim of a Man In The Middle attack

"Man In The Middle" is an attack type where the hacker can eavesdrop on the communication between you and a website or app. For example, a Man In The Middle attack between you and your bank's website would allow the attacker to get your login credentials.

The problem with Man in The Middle attacks is that it's not easy to know if you are being spied like that.

That's why the security company Eagle Eye created a free tool: SSL Eye

SSL Eye works by comparing the SSL fingerprints of a website, or several websites, received by remote nodes owned by the Eagle Eye to the one your browser receives.

If the SSL fingerprint is the same for your connection as for the other servers, the SSL connection hasn't been tampered with, and the connection is likely not eavesdropped.

It can also tell you if the website has an EV (Extended Validation) certificate, or even if it has Prefect Forward Secrecy thanks to DHE_RSA or ECDHE_RSA.

Download SSL Eye


Source: ghacks