Click here to Skip to main content
15,851,387 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
0 down vote favorite

I'm currently working on a project which involves building a digital fortress on the client side(Browser) to mitigate against Man-in-the-middle attacks on SSL's PKI infrastructure. Though they're numerous possibilities of mounting man-in-the-middle attacks on SSL connections but i'm meant to focus on the issues with the PKI infrastructure and also taking the system's performance into consideration.

After doing a wee bit of research these are the following task i think i'm set out to achieve

Ascertaining the validity period of a certificate by checking its validity period and checking if a certificate's serial number exists in a CRL list
Disabling MD5 for certificate checking
Ensuring the server the client(Browser) is connecting to is the real server. Can this be achieved by a URL or by simply by doing a DNS lookup?, because i think both URL and DNS are not also secured to some extent. I'm thinking of this web server fingerprinting thing but yet i still need a repository to check with.What else can i use??
Certificate Fingerprint. Are they any certificate hash or fingerprint repository that are trusted that i can lookup the fingerprints of certificate??.

What else do i need to check to stop man-in-the-middle attacks??

i intend to use a java Applet embedded in a browser to handle this task and so i know it is impossible to connect to a web server without the website's login page. The issue is how can i make a test connection to the server using my Applet embedded page just to get the server's certificate or better still is it possible to do a connection using the website's login page and terminating the SSL handshake after the server sends a certificate so the Applet just go into the certificate store to retrieve the certificate and analyze the certificate to safeguard against Man-in-the-middle attack. As i've said i would like to use java build the solution because it is widely speculated that java applet are more faster than javascripts. And also browser extensions are mostly platform dependent which is not in the case of java Applets. Can this be a performance yardstick??

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900