Sampei.Nihira
Posted May 25, 2019 (edited)

I did this test:
https://www.trustprobe.com/fs1/download.php?appname=qmc.zip

The developer writes that the tool:

Quote
Use MITM Checker to determine if your system is currently under a MITM attack. The program will connect to a list of major websites and alert on any unknown or unusual certificates used in the SSL handshake. It will detect obvious cases (such as interception by a local proxy, your employer's SSL inspection gateways, or a malware infection), as well as more advanced attacks (for instance, if the cert is valid but originates from an unusual organization/country). The tool is a standalone, browser-independent application.

My result is 14 Handshake failure. Can I get 0 Handshake failure?

Edited May 25, 2019 by Sampei.Nihira

bluebolt
Posted May 25, 2019

Fourteen handshake failures here, as well, but does that matter much? I would think that "Detections: 0" would be the important thing.

BTTB
Posted May 25, 2019

31 Handshake Failures
1 Detection (Host: www.tinyurl.com; Root CA: UTN - DATACorp SGC)

Mathwiz
Posted May 25, 2019

3 handshake failures on Win 7. I'm guessing the tool uses Microsoft's schannel.dll. If so, ProxHTTPSProxyMII would probably reduce the number of handshake failures on XP.

Sampei.Nihira (Author)
Posted May 26, 2019

It is interesting to note that in an XP system with outdated root CA the Handshake failure becomes about 58.

@BTTB
1 Detection (Host: www.tinyurl.com; Root CA: UTN - DATACorp SGC)
The developer writes that it is a false positive.

BTTB
Posted May 26, 2019

20 hours ago, BTTB said:
31 Handshake Failures
1 Detection (Host: www.tinyurl.com; Root CA: UTN - DATACorp SGC)

Windows 7, same machine. Nothing.

IntMD
Posted May 26, 2019

19 hours ago, Mathwiz said:
3 handshake failures on Win 7. I'm guessing the tool uses Microsoft's schannel.dll. If so, ProxHTTPSProxyMII would probably reduce the number of handshake failures on XP.

That's weird, since on build 7601.24441.amd64fre.win7sp1_ldr.190418-1735 all of the handshakes have succeeded, along with the tinyurl root CA being valid (COMODO ECC Certification Authority). Using version 0.39b of the tool and my schannel.dll file version is 6.1.7601.24441

Mathwiz
Posted May 26, 2019

I ran it again on Win 7, to see which three failed. But I got zero handshake failures this time, so the failures must've been intermittent and/or server-side.

Mathwiz
Posted May 28, 2019

On 5/25/2019 at 2:55 PM, Mathwiz said:
I'm guessing the tool uses Microsoft's schannel.dll. If so, ProxHTTPSProxyMII would probably reduce the number of handshake failures on XP.

Zero handshake failures, sure enough; but naturally everything comes up ALERT since ProxHTTPSProxyMII is a MITM by design.

Vistaboy
Posted May 31, 2019

I made it run but it didn't even start. In task manager I see one process qmc.exe appearing and after 1 second disappearing by itself. Is it a good sign?

Mathwiz
Posted May 31, 2019

That's strange; I just re-downloaded it and now it's not working for me either. Did the file get changed in the last few days? It's not supposed to work that way. Should open a window, query the top 100 web sites, and the status of each should scroll up the window.

Sampei.Nihira (Author)
Posted May 31, 2019

1 hour ago, Vistaboy said:
I made it run but it didn't even start. In task manager I see one process qmc.exe appearing and after 1 second disappearing by itself. Is it a good sign?

The new version released today does not run on Windows XP. I have already communicated this to the developer.

VistaLover
Posted June 1, 2019

11 hours ago, Sampei.Nihira said:
The new version released today does not run on Windows XP. ...

FWIW, v0.41b runs fine under Vista SP2 32-bit; previous v0.39b checked against 100 hosts, this newer version checks against 200! (0 detections in my system)

11 hours ago, Sampei.Nihira said:
I have already communicated this to the developer. ...

Might be also worth to "communicate" the app's bugged GUI, at least in Vista: very elongated window, with no way to resize, minimize and/or maximize...

IntMD
Posted June 1, 2019 (edited)

Just have rechecked the recently released v0.42b of the app on Windows 7 Enterprise build 7601.24441, and from the (updated) 200 hosts two of them had the ALERT result: Amazon and PayPal. Both of them shared the VeriSign Class 3 Public Primary CA - G5 Root CA with the thumbprint being "4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5". Can someone recheck this version of the app to see if the same alert results will also be detected, just to be sure it's not a false alarm or something? Many thanks.

Picrel below showing the results with the ALERT ones on the top.

Edited June 1, 2019 by IntMD

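
The distinction this thread keeps returning to, handshake failures versus detections, and the observation above that a trusted intercepting proxy gives zero failures but ALERT on every host, can be modelled as below. This is an added example, not the tool's code and not written by any poster; it uses Python's `ssl` module rather than schannel, and the host names, issuer names and `BASELINE` are constructed assumptions. Nothing touches the network unless `probe()` is called.

```python
import socket
import ssl

# Constructed baseline (assumption): issuer (organization, country) expected per host.
BASELINE = {
    "shop.example": {("Example Trust Services", "US")},
    "bank.example": {("Example Trust Services", "US"), ("Sample CA Ltd", "GB")},
}

def probe(host, port=443, timeout=5.0):
    """Do one TLS handshake; return (state, issuer) with issuer = (org, country)."""
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError:
        return ("untrusted", None)      # chain does not end in a trusted root
    except (ssl.SSLError, OSError):
        return ("failed", None)         # no shared protocol/cipher, reset, timeout
    issuer = {k: v for rdn in cert["issuer"] for k, v in rdn}
    return ("ok", (issuer.get("organizationName"), issuer.get("countryName")))

def classify(host, observation, baseline=BASELINE):
    """Map one probe result to OK / ALERT / HANDSHAKE_FAILURE."""
    state, issuer = observation
    if state == "failed":
        return "HANDSHAKE_FAILURE"      # nothing was learned about the certificate
    if state == "untrusted" or issuer not in baseline.get(host, set()):
        return "ALERT"                  # unknown or unusual issuer for this host
    return "OK"

def summarize(observations, baseline=BASELINE):
    """Count results the way the thread reports them: failures vs detections."""
    verdicts = {h: classify(h, o, baseline) for h, o in observations.items()}
    return {
        "handshake_failures": sum(v == "HANDSHAKE_FAILURE" for v in verdicts.values()),
        "detections": sum(v == "ALERT" for v in verdicts.values()),
        "verdicts": verdicts,
    }

# Constructed observations: an old TLS stack, then a trusted local intercepting proxy.
OLD_STACK = {"shop.example": ("failed", None),
             "bank.example": ("ok", ("Sample CA Ltd", "GB"))}
BEHIND_PROXY = {h: ("ok", ("Local Proxy CA", None)) for h in BASELINE}
```
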