In the client's Hello message, it asks for a standard 'RSA' ciphersuite. The MITM attacker changes this message to ask for 'export RSA'. The server responds with a 512-bit export RSA key, signed with its long-term key. The client accepts this weak key due to the OpenSSL/Secure Transport bug. The attacker factors the RSA modulus to recover the corresponding RSA decryption key. When the client encrypts the 'pre-master secret' to the server, the attacker can now decrypt it to recover the TLS 'master secret'. From here on out, the attacker sees plain text and can inject anything it wants.
SSL FREAK Check CVE-2015-0204 檢查站台是否中標