
Posted (edited)

I did this test:

 

https://www.trustprobe.com/fs1/download.php?appname=qmc.zip

The developer writes that the tool:

Quote

Use MITM Checker to determine if your system is currently under a MITM attack. The program will connect to a list of major websites and alert on any unknown or unusual certificates used in the SSL handshake.

It will detect obvious cases (such as interception by a local proxy, your employer's SSL inspection gateways, or a malware infection), as well as more advanced attacks (for instance, if the cert is valid but originates from an unusual organization/country).

The tool is a standalone, browser-independent application.

My result is 14 Handshake failure.

Can I get 0 Handshake failure?

 

Edited by Sampei.Nihira
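A minimal sketch of the kind of check the developer's description implies, added here as an example; it is not code from the tool or from any post in this thread. The baseline, host name and issuer names are constructed, and comparing the leaf certificate's issuer organization is an assumption about one way to do the comparison, not the tool's actual logic.

```python
import socket
import ssl

# Constructed baseline (assumption): expected issuer organization per host.
BASELINE = {"www.example.com": {"DigiCert Inc"}}

# Constructed certificates in the dict shape SSLSocket.getpeercert() returns.
CERT_EXPECTED = {"issuer": ((("countryName", "US"),),
                            (("organizationName", "DigiCert Inc"),))}
CERT_PROXY = {"issuer": ((("organizationName", "Local Inspection Proxy"),),)}

def issuer_org(cert):
    """Return organizationName from a getpeercert() issuer field, or None."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None

def classify(host, cert, error=None, baseline=BASELINE):
    """Map one probe result to 'OK', 'ALERT' or 'HANDSHAKE_FAILURE'."""
    if isinstance(error, ssl.SSLCertVerificationError):
        # A certificate was presented but does not chain to a trusted root.
        return "ALERT"
    if error is not None or not cert:
        # No certificate obtained (old TLS stack, timeout, server fault):
        # nothing to compare, so this is not counted as a detection.
        return "HANDSHAKE_FAILURE"
    # Trusted chain, but is the issuer the one expected for this host?
    return "OK" if issuer_org(cert) in baseline.get(host, set()) else "ALERT"

def probe(host, port=443, timeout=5.0):
    """Do a verified TLS handshake; return (cert, None) or (None, error)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.getpeercert(), None
    except (ssl.SSLError, OSError) as exc:
        return None, exc

def tally(results):
    """Count outcomes, mirroring the detections/failures summary."""
    counts = {"OK": 0, "ALERT": 0, "HANDSHAKE_FAILURE": 0}
    for outcome in results:
        counts[outcome] += 1
    return counts
```

A handshake that never completes yields no certificate to judge, which is why failures and detections are counted separately; an interception proxy whose CA is locally trusted completes every handshake and then fails the issuer comparison instead.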


Fourteen handshake failures here, as well, but does that matter much?  I would think that "Detections: 0" would be the important thing.


31 Handshake Failures 

1 Detection (Host: www.tinyurl.com; Root CA: UTN - DATACorp SGC)


3 handshake failures on Win 7. I'm guessing the tool uses Microsoft's schannel.dll. If so, ProxHTTPSProxyMII would probably reduce the number of handshake failures on XP.


It is interesting to note that in an XP system with outdated root CA the Handshake failure becomes about 58.

@BTTB

1 Detection (Host: www.tinyurl.com; Root CA: UTN - DATACorp SGC)

The developer writes that it is a false positive.


Only one handshake failure on Windows 10 1809.

20 hours ago, BTTB said:

31 Handshake Failures 

1 Detection (Host: www.tinyurl.com; Root CA: UTN - DATACorp SGC)

Windows 7, same machine. Nothing.

19 hours ago, Mathwiz said:

3 handshake failures on Win 7. I'm guessing the tool uses Microsoft's schannel.dll. If so, ProxHTTPSProxyMII would probably reduce the number of handshake failures on XP.

That's weird, since on build 7601.24441.amd64fre.win7sp1_ldr.190418-1735 all of the handshakes have succeeded, along with the tinyurl root CA being valid (COMODO ECC Certification Authority). Using version 0.39b of the tool and my schannel.dll file version is 6.1.7601.24441


I ran it again on Win 7, to see which three failed. But I got zero handshake failures this time, so the failures must've been intermittent and/or server-side.

On 5/25/2019 at 2:55 PM, Mathwiz said:

I'm guessing the tool uses Microsoft's schannel.dll. If so, ProxHTTPSProxyMII would probably reduce the number of handshake failures on XP.

Zero handshake failures, sure enough; but naturally everything comes up ALERT since ProxHTTPSProxyMII is a MITM by design.


I made it run but it didn't even start. In Task Manager I see one process, qmc.exe, appearing and after 1 second disappearing by itself.

Is it a good sign?


That's strange; I just re-downloaded it and now it's not working for me either. Did the file get changed in the last few days?

It's not supposed to work that way. Should open a window, query the top 100 web sites, and the status of each should scroll up the window.

1 hour ago, Vistaboy said:

I made it run but it didn't even start. In Task Manager I see one process, qmc.exe, appearing and after 1 second disappearing by itself.

Is it a good sign?

The new version released today does not run on Windows XP.
I have already communicated this to the developer.

11 hours ago, Sampei.Nihira said:

The new version released today does not run on Windows XP.

... FWIW, v0.41b runs fine under Vista SP2 32-bit ;) ; previous v0.39b checked against 100 hosts, this newer version checks against 200 ! (0 detections in my system :P)

11 hours ago, Sampei.Nihira said:

I have already communicated this to the developer.

... Might be also worth to "communicate" the app's bugged GUI, at least in Vista :angry:: very elongated window, with no-way to resize, minimize and/or maximize...

Posted (edited)

I have just rechecked the recently released v0.42b of the app on Windows 7 Enterprise build 7601.24441, and of the (updated) 200 hosts, two had the ALERT result: Amazon and PayPal. Both of them shared the VeriSign Class 3 Public Primary CA - G5 Root CA, with the thumbprint being "4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5".

Can someone recheck this version of the app to see if the same alert results will also be detected, just to be sure it's not a false alarm or something? Many thanks. Picrel below showing the results with the ALERT ones on the top.

image.thumb.png.bca5270738b1f609663ef469ea9b65b5.png

Edited by IntMD
