Sniffer and MITM attack can do nothing to local encryption, which is a new technology, because the plaintext is merely encrypted in user's browser. Therefore, this paper proposed a clever way to bypass local encryption to achieve the goal of network forensics, based on the idea of MITM attack. A middle device is added to the key point of the network in which the forensics is realized through hijacking and tampering with HTML pages. The system redirects the IP packet to another computer in LAN by hijacking the real IP of the server. That computer fakes the real web server, and then by inserting some code in HTML page, the unencrypted plaintext is got before the code of local encryption been executed. The results show that the object is not aware of the existence of the forensics system, but the system has logged all the information of a HTTP request, including the plaintext bypassed local encryption.

• 出版日期2010
• 单位南京邮电大学