Can a man-in-the-middle intercept an SSL packet and duplicate it?

Question

AFAIK, SSL will encrypt the message under secure. But I still have the concern whether or not a man in the middle can catch the packet and duplicate it e.g. 1000 times

Sure, but what do you think he could do with those duplicates? — David Schwartz, Apr 06 '14 at 02:47
I think about cases such as transferring money. So if he can catch the package that A transfer $1000 to B and duplicate it, it will be $2000. But thanks to all the answers and comments so far, I'm pretty sure that's impossible — Lewis LE, Apr 06 '14 at 05:40

score 5 · Answer 1 · answered Apr 06 '14 at 00:29

Application data is broken into small segments (implementation dependent size, usually <=16kb). Then that segment is

Compressed
Given a sequence number
Added a MAC (sequence number included in MAC calculation)
Encrypted
Given an SSL record header that contains the sequence number

Note the role of sequence number in this process. If the man-in-the-middle duplicates one such segment, the received can detect it using the sequence number. And the attacker cannot forge sequence number since it is included in MAC as well as the record header.

Sequence number gives SSL protection against duplication, deletion, reordering and replay attacks.

SSL has a compression feature but it is 'little-used and disabled in most browsers'. — user207421, Apr 06 '14 at 00:41
That is correct. Whether to compress and what algorithm to use in compression is negotiated during the handshake process. — user3155701, Apr 06 '14 at 00:52

score 1 · Answer 2 · answered Apr 05 '14 at 14:27

1

SSL is secure from interception, replay, MITM, and truncation attacks. At least.

answered Apr 05 '14 at 14:27

user207421

305,947
44
307
483

score 1 · Answer 3 · answered Apr 05 '14 at 15:51

Sure, a passive man-in-the-middle attacker can catch the encrypted packet - that's why you do encryption. But because each SSL connection uses a unique encryption key the attacker cannot use this sniffed encrypted packet later to inject it into another connection. And as long as the encryption key is not compromised (which means for RSA key exchange that the private key of the certificate is not compromised) the attacker can not decode the sniffed packet.

Apart from that an active man-in-the-middle attacker might put itself in-between the parties, e.g. instead of Alice talking to Bob Alice will talk to Mallory and Mallory to Bob. To make this impossible you need the identification part of SSL, e.g. certificate checking and verification of the host name (one alone is not enough). Only this makes true end-to-end encryption possible.

Can a man-in-the-middle intercept an SSL packet and duplicate it?

3 Answers3