SSL Eye Protects You From Prism

SSL Eye Protects You From Prism

SSL Eye is a unique tool that is designed in a way it can detect man in the middle spying, by comparing of single or multiple sites across many remote nodes that are owned and managed by EEDS located in different countries such as Singapore, USA, UK, Germany and Netherlands. This is done by comparing the other nodes finger prints results with yours that comes through your local ISP. Additionally the tool will tell you if the site is using Extended Validation () certificates or perfect forward secrecy through the key exchange mechanism such as DHE_RSA or ECDHE_RSA which is currently being used by Google Inc. We have also implemented global short-cut keys on the application that allows you to copy a site from the browser address bar and call it for instant scan to check if you are a victim of Man in The Middle Attack (). Where normally attackers listen to your communication channel in a public key exchange re-sends the keys on your behalf, substituting his own fake keys for the requested one, so that the two original parties (you and your bank) will still appear to be communicating with each other. (view screenshots 123).

SSL Eye offers:

  • Retrieve fingerprint of any given domain from single or multiple sites with support.
  • Check if the site is using Validation (EV) certificates.
  • Check if the site is implementing forward secrecy on key exchange.
  • Export results into HTML report.
  • Sound alerts for invalid certificates.
  • Scan with global keys from clipboard without user interaction.
  • scan multiple domains simultaneously.

 

SSlEYE

SSL Eye.


 

Product Name: SSL Eye
PC World Rating: (4.9/5)
User Rating: (5/5)
Usage: Freeware
Version: 1.6
Size: 5.33 MB
Updated on: 8.11.2014
Platform: Microsoft Windows

download_btn
 


 
What if you find out that you are a victim and the fingerprint does not match with all other nodes ? Or you are worried about Prism ? Well the answer is use Stealth Walker it will protect and encrypt all your traffic.
 


 

Digiprove sealCopyright protected by Digiprove © 2013-2016 Eagle Eye Digital Solutions
JOIN OUR NEWSLETTER
Amazing people have subscribed to our newsletter — and you’re amazing too!
We hate spam. Your email address will not be sold or shared with anyone else.
The following two tabs change content below.
Warith Al Maawali
W. AL Maawali is the Founder and Chief Editor of Eagle Eye Digital Solutions from the Sultanate of Oman with over 20 years experience in Security and Digital Forensics. He is also the Founder of om77.net.
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.
In public-key cryptography, a public key fingerprint is a short sequence of bytes used to authenticate or look up a longer public key. Fingerprints are created by applying a cryptographic hash function to a public key. Since fingerprints are shorter than the keys they refer to, they can be used to simplify certain key management tasks. In Microsoft software, “thumbprint” is used instead of “fingerprint.”
Extended Validation (EV) is a standard, rigorous way of verifying identity information and the authority of individuals who request an SSL certificate. EV was established by the CA/Browser Forum, an association of certificate authorities and web browser vendors.
The man-in-the middle attack intercepts a communication between two systems. For example, in an http transaction the target is the TCP connection between client and server. Using different techniques, the attacker splits the original TCP connection into 2 new connections, one between the client and the attacker and the other between the attacker and the server, as shown in figure 1. Once the TCP connection is intercepted, the attacker acts as a proxy, being able to read, insert and modify the data in the intercepted communication.
Server Name Indication (SNI) is an extension to the TLS computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process.
Extended Validation (EV) is a standard, rigorous way of verifying identity information and the authority of individuals who request an SSL certificate. EV was established by the CA/Browser Forum, an association of certificate authorities and web browser vendors.
In cryptography, forward secrecy (abbreviation: FS, also known as perfect forward secrecy or PFS) is a property of key-agreement protocols ensuring that a session key derived from a set of long-term keys cannot be compromised if one of the long-term keys is compromised in the future.
Multithreading is the ability of a program or an operating system process to manage its use by more than one user at a time and to even manage multiple requests by the same user without having to have multiple copies of the programming running in the computer.

28 comments

  1. When i check any domain like google.com or youtube.com it only shows Singapore certificate and then stops…

  2. Deadwalker

    Hi,

    Wonderful program. Are you going to release an update? It’s been a couple of years since the last version.

    Thanks for you hard work.

  3. Hi ! I don’t know what to think : when I scan Youtube, it gives me a different fingerprint from my ISP for many servers. And when I try Google.com (.fr, it makes my isp in blue/green), it makes my ISP also different but in red. What does it mean ? I have no problems for any other websites, and I noticed it’s always been with Google that there is always something different. Is it normal ?
    Thanks !

    • Dear Vael,

      I can’t comment about your ISP but here are my results tested through VPN in USA.

      Youtube.com:
      a8c9bb25ecd79714b3f7c48a6d4a990ba7398a55

      Google.com:
      4497f7fa2f13aad5dfae738de32c1890249c01e3

      Google.fr
      a8c9bb25ecd79714b3f7c48a6d4a990ba7398a55

  4. I could pay for this to be available on my Mac.

  5. Can you please build a software update check into the application? Also would be nice to have a link in the about menu pop-up that leads straight to the product page, instead of the main web site.

  6. Hi there,

    BlackBelt Privacy Team here.

    Thank you for mentioning our software.
    We are constantly trying to improve it and make it more useful for our users.

    If you have recommendations and we can accommodate them we will.

    We hope you enjoy using it.

    Best regards.

    BBP Team

  7. Dear Spousalmilk,

    For google.com it was a bug that will be fixed on the next release but for google.co.uk its a bit strange I tried it on Linux nodes and I get the same result which is different than Firefox or Chrome..

    openssl s_client -connect www.google.co.uk:443 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin
    

    Still working on it will update you..

    • Spousalmilk

      The reason IE on Windows XP was getting the same certificate fingerprint as SSL Eye from http://www.google.co.uk was because neither supported Server Name Indication (SNI).

      [snippet from wikipedia]
      Browsers with support for TLS server name indication
      Internet Explorer 7 or later, on Windows Vista or higher. Does not work on Windows XP, even Internet Explorer 8 (because the support of this feature is not browser version dependent, it depends on SChannel system component which introduced the support of TLS SNI extension, starting from Windows Vista, not XP).

      http://blog.chrismeller.com/testing-sni-certificates-with-openssl
      Openssl must be told to send the necessary SNI request (add the switch -servername http://www.google.co.uk)

      openssl s_client -servername http://www.google.co.uk -connect http://www.google.co.uk:443 /dev/null | openssl x509 -fingerprint -noout -in /dev/stdin
      >9B:4C:03:99:61:82:4F:EC:EA:00:61:7B:87:9B:6B:C7:CE:10:BF:09
      ^this fingerprint now matches what I’m getting in the Firefox and Chrome

      • Thank you for the information it is clear now we have to find a solution with indy component to support SNI. Hopefully version 2 of SSLEYE will have it solved stay tuned 🙂

        You missed < character before /dev/null working code would be:

        openssl s_client -servername www.google.co.uk -connect www.google.co.uk:443 < /dev/null | openssl x509 -fingerprint -noout -in /dev/stdin

        • Spousalmilk

          You’re welcome. 🙂 It’s because I forgot to put the command in code tags that it came out like it did. I miss the preview post button like on forums.

          Looking forward to the next release!

          • Dear Spousalmilk,

            SSLEYE 1.5 has been released and the bug has been fixed with some extra features added. Thank you for your valuable input again please try the new verion and spread the word in wilderssecurity thread you mentioned earlier.

  8. Spousalmilk

    Hi there, we need some assistance regarding SSL Eye and “Your Local ISP” scan results. Hope you can help us out here: http://www.wilderssecurity.com/threads/google-compromised-mitm.364063/#post-2373487

  9. Hi mate!
    Looks like an excellent tool….thanks you very much to give me/us the opportunity to use it for FREE!

    Just a question for you: do you know if freeware like “blackbelt privacy” and/or “CryptSync” can also be used as a means to avoid or at least minimize the risk of the Man-in-the-middle attack?

    http://sourceforge.net/projects/blackbeltpriv
    http://stefanstools.sourceforge.net/CryptSync.html

    And finally…ever tried this??

    http://securityxploded.com/sslcertscanner.php

    • Dear Joe,

      Thank you as well for trying SSLEye.

      CryptSync is good tool with following downsides:

      1 – Duplication of files (Unless you use your cloud for backup only).Then I would go for Crashplan.
      2- Uses 7-zip to encypt which is limited to AES-256.

      To overcome this limitation and have stronger encryption I would use Truecrypt container and sync it to the cloud using CryptSync. If you are using Dropbox and you need to access files in more than one device then replace True-crypt with PGP.
      Please have a look at the following articles for more tools and methods:

      http://www.digi77.com/ways-to-deliver-your-messages-securely-and-anonymous/
      and
      http://www.digi77.com/backup-where-to-store-and-what-to-use-for-your-backup/

      BlackBelt the only advantage I see is them using your current installed Fire-fox winch overcomes the limitation of using Tor-bundle that unfortunately is always packed with out of date Firefox package. However if you would like to have a tool that has more features such as vpn + Tor + Dns encryption then use Stealthwalker.

      http://www.digi77.com/stealth-walker-vpn/

      In short BlackBelt and CryptSync minimize the risk of unwanted eyes on your content and connection however there are better alternatives that do the same in better quality.

      For SSLCertScanner I don’t think its worth it as I can always push to you a valid fake certificate and the tool will report it as valid. You can use a better validation tool from SSL labs
      https://www.ssllabs.com/

      Both SSL labs and BlackBeltof can be used to validate SSL certificate but non of them would detect SSL Man in The Middle attack or spy as SSLEye does by validating the finger print of any certificate not only from your PC but from other remote nodes as well.

      • Thank you very much for your exaustive reply.
        Honestly I was not aware of StealthWalker, which seems to me simply amazing: how the heck is a tool like this FREE of charge?

        By the way, what do you make of this Free ​Cross-platform Multi-protocol VPN program?

        http://www.softether.org/

        Ever heard it before?

        • Your are most welcome, Its free for the sake of marketing.However we still have a premium package for users who wish to have dedicated and faster servers.

          Regarding Sofethere the idea is brilliant to support all protocols which are widely used plus their own Ethernet over SSL protocol which is transparent on firewalls. Once they release the source code of their server we will consider switching to Sofehere. With no doubts they the Japanese developed a powerful tool.

          For better understanding how it works I encourage you to read the following article:

          http://www.softether.org/1-features/1._Ultimate_Powerful_VPN_Connectivity

    • By the way here are list of tools that can replace Dropbox and CryptSync with encryption done locally before submission to the cloud…

      wuala 5GB
      http://wuala.com/

      Tresorit 5GB
      http://tresorit.com/

      SpiderOak 2GB
      https://spideroak.com/

      Mega.co.nz 50GB only web
      https://mega.co.nz/

  10. Hartcher

    The same thing in firefox extension : perspectives

    • Thank you Hartcher they are similar in functionality but SSLEye has more functions like multiple defined list + Extended validation check + Perfect forward secrecy check and Report export all in one easy GUI.

commentJoin the Discussion

Pin It on Pinterest