Please help!!!!. SSL MITM and JAVA APPLET

Question

1.00/5 (1 vote)

See more:

0 down vote favorite

I'm currently working on a project which involves building a digital fortress on the client side(Browser) to mitigate against Man-in-the-middle attacks on SSL's PKI infrastructure. Though they're numerous possibilities of mounting man-in-the-middle attacks on SSL connections but i'm meant to focus on the issues with the PKI infrastructure and also taking the system's performance into consideration.

After doing a wee bit of research these are the following task i think i'm set out to achieve

Ascertaining the validity period of a certificate by checking its validity period and checking if a certificate's serial number exists in a CRL list
Disabling MD5 for certificate checking
Ensuring the server the client(Browser) is connecting to is the real server. Can this be achieved by a URL or by simply by doing a DNS lookup?, because i think both URL and DNS are not also secured to some extent. I'm thinking of this web server fingerprinting thing but yet i still need a repository to check with.What else can i use??
Certificate Fingerprint. Are they any certificate hash or fingerprint repository that are trusted that i can lookup the fingerprints of certificate??.

What else do i need to check to stop man-in-the-middle attacks??

i intend to use a java Applet embedded in a browser to handle this task and so i know it is impossible to connect to a web server without the website's login page. The issue is how can i make a test connection to the server using my Applet embedded page just to get the server's certificate or better still is it possible to do a connection using the website's login page and terminating the SSL handshake after the server sends a certificate so the Applet just go into the certificate store to retrieve the certificate and analyze the certificate to safeguard against Man-in-the-middle attack. As i've said i would like to use java build the solution because it is widely speculated that java applet are more faster than javascripts. And also browser extensions are mostly platform dependent which is not in the case of java Applets. Can this be a performance yardstick??

Posted 29-Jul-13 23:54pm

rookiemate

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)