In the Security+ 401 cert guide there is a passage on the replay attack, as follows:
In a replay attack a hacker might use a packet sniffer to intercept data and retransmit it later. In this way the hacker can impersonate the entity that originally sent the data. For example, if customers were to log in to a banking website with their credentials while an attacker was watching, the attacker could possibly sniff out the packets that include the usernames and passwords and then possibly connect with those credentials later on. Of course, if the bank uses SSL or TLS to secure login sessions, then the hacker would have to decrypt the data as well, which could prove more difficult.
According to this answer, the attack is difficult but possible when SSL/TLS authentication is used. So my question is: how does it work?
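The replay behaviour described in the quoted passage, and the freshness check that defeats it, as an added example that is not part of the original post or the guide. It is a simplified model, not TLS itself; `NaiveServer`, `ChallengeServer`, `client_proof` and the account data are hypothetical names and constructed values.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: one demo account and its shared secret.
USERS = {"alice": b"correct horse battery staple"}

class NaiveServer:
    """Accepts a static proof, so the same bytes stay valid forever."""
    def login(self, user, proof):
        expected = hashlib.sha256(USERS[user]).digest()
        return hmac.compare_digest(proof, expected)

class ChallengeServer:
    """Issues a fresh one-time nonce per login; the proof is bound to it."""
    def __init__(self):
        self._pending = {}

    def challenge(self, user):
        nonce = secrets.token_bytes(16)
        self._pending[user] = nonce
        return nonce

    def login(self, user, proof):
        nonce = self._pending.pop(user, None)  # each nonce is usable once
        if nonce is None:
            return False  # no outstanding challenge: reject
        expected = hmac.new(USERS[user], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(proof, expected)

def client_proof(secret, nonce):
    """What the legitimate client sends in answer to a challenge."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()

def demo():
    naive, strong = NaiveServer(), ChallengeServer()
    static_msg = hashlib.sha256(USERS["alice"]).digest()  # recorded once
    results = {"naive_first": naive.login("alice", static_msg),
               "naive_replay": naive.login("alice", static_msg)}
    bound_msg = client_proof(USERS["alice"], strong.challenge("alice"))
    results["bound_first"] = strong.login("alice", bound_msg)
    # Resending the recorded message: nonce already consumed.
    results["replay_stale"] = strong.login("alice", bound_msg)
    # Resending after a new challenge: proof does not match the new nonce.
    strong.challenge("alice")
    results["replay_fresh_challenge"] = strong.login("alice", bound_msg)
    return results

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```
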