TIPS AND TRICKS - SSL Sniffing, Hackers Can Now HTTPS Packet Sniff | High Piracy

SSL Sniffing, Hackers Can Now HTTPS Packet Sniff | High Piracy

28/06/2011 21:14

HTTPS is the most secure network running packages that are used for online banking services like Paypal, bank site, the ETS. Also in the e-mail accounts like Gmail and even Facebook can now sniff all the tools attacker who qualify for it.

A new tool presented at the Black Hat DC 2009 conference by Moxie Marlinspike turns out to be a formidable foe against a system secure connection. Always trying to stay on top of the game, click death squad decided to give this tool a whirl and see what the buzz. This attack is particularly clever because it acts like a man in the middle, watching the HTTP requests and then map to the HTTP configurations look identical. If a person was operating a wireless access point that had been broken, the results can be devastating. You have a machine with sslstrip enabled port forwarding and ARP spoofing active on a LAN. This computer is to jump, which distorts the wireless router to redirect HTTPS requests, modify and send to the victim. Features include a false "lock" icon and selective logging, which allows great flexibility when sniffing traffic.

Tools needed to do this:

* A wireless network that you can access and test

* An act "victim" of the client computer that is snorted

* Linux installed sslstrip

* Basic skills in networking and Linux command line options

Step 1: Tell the kernel to enable IP forwarding.

The receiver acts as an intermediary and victim of the desired destination. You must enable IP forwarding so that packets can be transmitted to the machine. This is quite simple, just move the value of the nucleus, which is said to allow packet forwarding.

"Sudo echo 1> / proc/sys/net/ipv4/ip_forward" # # # enable IP routing in the Linux kernel.

Step 2: Define a rule to iptables firewall for HTTP traffic of the victim foward to your box to change.

As the victim is actively surfing the Web, the team must act as a middle man so that when the user is directed to an HTTPS connection, the computer changes the data and passes it along. By creating an iptables rule, which can have traffic to happen to your computer, edit it and then move sslstrip using version "tricked out" the victim and capture login information.

"Sudo iptables-t nat-A PREROUTING-p tcp-destination-port 80-j REDIRECT-to-door 666" # # # iptables forward port 80, you sslstrip boxes running on port 666
Firewall rules on your box was set to forward all traffic on port 80 (HTTP), which can be received by the victim. The key is passed, the traffic of the victim through your box to sslstrip that will change any HTTPS connection request and send them to the proper destination. In doing so, they can log information will be captured.

Step 3: ARP spoof the target traffic to redirect to the machine.

Using arpspoof, you can monitor all traffic to the victim's machine. When you use your own iptables firewall rule for HTTP traffic to pass, and change it, you need to drive traffic to the window. Use arpspoof to drive traffic to your computer so that HTTP requests can be modified hijacking.

sudo "-i wlan0 192.168.1.1 192.168.1.121 arpspoof" # # # where 192.168.1.121 is the goal, and 192.168.1.1 is the address of the wireless access point of intellectual property.

All steps are in place. Iptables is configured to redirect HTTP requests sslstrip, ARP spoofing is to redirect traffic to the victim in the box, and your machine is the transmission of requests. The last step is to actually start sslstrip and start diverting some of the sessions.

Step 4: Run and catch some sslstrip passwords.

Start sslstrip server running on the machine and see what happens. The victim to download a website, and because it has an ARP spoofing, the request was addressed to the first machine. Sslstrip request has been changed, then changed iptables to forward traffic to the intended destination.

sudo "python sslstrip.py L-666-f lock.ico" # # # sslstrip load and use the icon provided lock.ico as a replacement if necessary.

Here you will find that the server is started

It looks like the victim connected "secure.myspace.com" to check on their site ...

Now we can see, we were able to capture a password change request. So now, before the implementation of the new HTTPS now have to think again.

Back

Contact

TRICKS MAN