Prevent fake bank connections - Confidentiality + Integrity Break
Issue
The ATM does not verify the bank's certificate, which makes tampering with the ATM's requests possible. This attack uses a self-signed SSL certificate to establish a connection to the ATM. The ATM doesn't check whether the presented certificate is the bank's certificate, so we can act as if we were the bank. On the other end we act as the ATM towards the bank and can thus read the entire traffic.
Input
{"input":["-p", "%PORT%", "-i", "%IP%", "-a", "%ACCOUNT%", "-n", "10.00"],"base64":false}
Target Breaks
- 250_16_cert_validation_18
- 399_16_change_atm_action_2
- 767_break-16-confidentiality-7
Hint
Update the SSL context wrapper to use the bank certificate already present on the ATM side, instead of requesting it from the bank during the initial handshake.
https://carlo-hamalainen.net/2013/01/24/python-ssl-socket-echo-test-with-self-signed-certificate/
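As an added illustration of the hint (this is example code, not the competition's ATM implementation), the weak client context that accepts any certificate is shown beside a pinned one that trusts only the bank certificate already stored on the ATM and additionally compares the peer's SHA-256 fingerprint; the file path, the pinned hash and the bank address are assumed placeholders.

```python
import hashlib
import hmac
import socket
import ssl


def weak_context() -> ssl.SSLContext:
    """The pattern this break exploits: the ATM accepts whatever
    certificate the peer offers, so a self-signed impostor passes as the bank."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode = CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def pinned_context(bank_cert_pem: str) -> ssl.SSLContext:
    """The fix from the hint: trust only the bank certificate shipped with
    the ATM. bank_cert_pem is an assumed path to that PEM file."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.verify_mode = ssl.CERT_REQUIRED
    # A self-signed bank cert may carry no usable hostname; the exact
    # certificate is pinned by fingerprint below instead of name matching.
    ctx.check_hostname = False
    ctx.load_verify_locations(cafile=bank_cert_pem)
    return ctx


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, expected_sha256_hex: str) -> bool:
    """Constant-time comparison against the fingerprint baked into the ATM."""
    return hmac.compare_digest(fingerprint(der_cert), expected_sha256_hex.lower())


def connect_to_bank(ip: str, port: int, bank_cert_pem: str, expected_sha256_hex: str):
    """Open a TLS session to the bank and refuse it unless the peer presents
    exactly the pinned certificate (assumed arguments, not the ATM's real CLI)."""
    ctx = pinned_context(bank_cert_pem)
    raw = socket.create_connection((ip, port))
    tls = ctx.wrap_socket(raw)  # handshake already fails here if the chain does not verify
    der = tls.getpeercert(binary_form=True)
    if not pin_matches(der, expected_sha256_hex):
        tls.close()
        raise ssl.SSLError("bank certificate fingerprint mismatch; refusing to proceed")
    return tls
```

A mismatch at either step (chain verification or fingerprint) aborts the session before any account request is sent, which is what closes the impersonation path described in the issue.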