Reputation: 45
AFAIK, SSL will encrypt the message securely. But I still have a concern about whether or not a man in the middle can catch the packet and duplicate it, e.g. 1000 times.
Upvotes: 2
Views: 312
Reputation: 626
Application data is broken into small segments (implementation dependent size, usually <=16kb). Then that segment is
Note the role of the sequence number in this process. If the man-in-the-middle duplicates one such segment, the receiver can detect it using the sequence number. And the attacker cannot forge the sequence number since it is included in the MAC as well as the record header.
The sequence number gives SSL protection against duplication, deletion, reordering and replay attacks.
Upvotes: 5
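
An added example (not part of the answer above, and not code from any TLS library): a simplified Python model of the sequence-number check that answer describes. It assumes each side keeps its own per-direction record counter and feeds it into an HMAC; encryption is omitted, and the names `RecordMac`, `deliver`, `sample_records` and the key are constructed for illustration.

```python
import hashlib
import hmac
import struct


class RecordMac:
    """One direction of a simplified record layer (model, not the TLS wire format)."""

    def __init__(self, mac_key: bytes):
        self.key = mac_key
        self.seq = 0  # 64-bit record counter kept locally by this endpoint

    def _tag(self, seq: int, ctype: int, data: bytes) -> bytes:
        # The MAC input binds the counter to the record type, length and payload.
        header = struct.pack(">QBH", seq, ctype, len(data))
        return hmac.new(self.key, header + data, hashlib.sha256).digest()

    def protect(self, ctype: int, data: bytes):
        record = (ctype, data, self._tag(self.seq, ctype, data))
        self.seq += 1
        return record

    def verify(self, record) -> bool:
        ctype, data, tag = record
        # The receiver recomputes the MAC with the counter value *it* expects next.
        ok = hmac.compare_digest(tag, self._tag(self.seq, ctype, data))
        if ok:
            self.seq += 1
        return ok


def deliver(records, key: bytes):
    """Feed records to a fresh receiver; stop at the first MAC failure,
    modelling a connection that is torn down on a bad record."""
    rx = RecordMac(key)
    results = []
    for record in records:
        ok = rx.verify(record)
        results.append(ok)
        if not ok:
            break
    return results


KEY = b"constructed-demo-mac-key-32bytes"  # constructed sample key


def sample_records():
    tx = RecordMac(KEY)
    return [tx.protect(23, m) for m in (b"pay 10", b"to bob", b"done")]
```

Passing `sample_records()` to `deliver` unchanged accepts all three records; inserting a copy of the first record, swapping two records, or dropping one makes the next verification fail because the receiver's counter no longer matches the one the sender used in the MAC.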
Reputation: 123300
Sure, a passive man-in-the-middle attacker can catch the encrypted packet - that's why you do encryption. But because each SSL connection uses a unique encryption key, the attacker cannot use this sniffed encrypted packet later to inject it into another connection. And as long as the encryption key is not compromised (which means, for RSA key exchange, that the private key of the certificate is not compromised), the attacker cannot decode the sniffed packet.
Apart from that, an active man-in-the-middle attacker might put itself in between the parties, e.g. instead of Alice talking to Bob, Alice will talk to Mallory and Mallory to Bob. To make this impossible you need the identification part of SSL, e.g. certificate checking and verification of the host name (one alone is not enough). Only this makes true end-to-end encryption possible.
Upvotes: 1
Reputation: 310883
SSL is secure from interception, replay, MITM, and truncation attacks. At least.
Upvotes: 1