Hey all!
A video on how to sniff HTTPS / SSL!

What is this?
This video shows that with SSL encryption, it isn't any more secure. Proof of this is seen by showing my web based email (Google Mail) & online bank (PayPal) password...

How does this work?
> Performing a 'Man In The Middle' attack therefore all the traffic flows through the attacker.
> Picks out HTTP traffic from port 80 and then packet redirection / forwarding onto a different port.
> SSLStrip is then listening on that port and removes the SSL connection before passing it back to the user.
> ettercap then picks out the username & password.

What do I need?
> sslstrip
> arpspoof
> ettercap
*all in BackTrack 4 Pre Final*

Commands:
Targets IP: 192.168.1.6
Gateway : 192.168.1.1

Notes:
You could save the packets instead, and then look through it later, in case ettercap doesn't pick up the information you need!

Links
Stream Video: http://blip.tv/file/2345515
Download Video: http://www.mediafire.com/download.php?jzt2kmmdzzr
Commands: http://pastebin.com/f2b34793e

Software
Name: sslstrip
Version: 0.2
Home Page: http://www.thoughtcrime.org/software/sslstrip/index.html
Download Link: http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.2.tar.gz

Name: arpspoof (DSniff)
Version: 2.3
Home Page: http://www.monkey.org/~dugsong/dsniff/
Download Link: http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz

Name: ettercap
Version: 0.7.3
Home Page: http://ettercap.sourceforge.net
Download Link: http://prdownloads.sourceforge.net/ettercap/ettercap-NG-0.7.3.tar.gz?download

~g0tmi1k
__________________
~ Have you, g0tmi1k? ~
<(^^,)> d[-_^]b (= =D-->--<
Last edited by g0tmi1k; 07-12-2009 at 04:47 PM.
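
The man-in-the-middle step in the post above relies on ARP poisoning (arpspoof), which is visible from the target's side: the gateway IP (192.168.1.1 in the post) starts resolving to another host's MAC address. The following is an added detection example, not part of the original post; the MAC addresses, the 192.168.1.10 host and both `arp -an` snapshots are constructed sample data.

```python
import re

# Matches Linux `arp -an` lines such as:
#   ? (192.168.1.1) at 00:1a:2b:3c:4d:5e [ether] on eth0
ARP_LINE = re.compile(
    r"\((?P<ip>\d+\.\d+\.\d+\.\d+)\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

# Constructed snapshots as seen on the target (192.168.1.6).
BASELINE_ARP = """\
? (192.168.1.1) at 00:1a:2b:3c:4d:5e [ether] on eth0
? (192.168.1.10) at 00:de:ad:be:ef:01 [ether] on eth0
"""
CURRENT_ARP = """\
? (192.168.1.1) at 00:de:ad:be:ef:01 [ether] on eth0
? (192.168.1.10) at 00:de:ad:be:ef:01 [ether] on eth0
? (192.168.1.7) at <incomplete> on eth0
"""

def parse_arp_table(text):
    """Return {ip: mac} from `arp -an` output, skipping incomplete entries."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table

def find_arp_anomalies(baseline, current, gateway_ip):
    """Compare a known-good ARP snapshot with the current one."""
    findings = []
    # 1. The gateway's MAC no longer matches the known-good value.
    old, new = baseline.get(gateway_ip), current.get(gateway_ip)
    if old and new and old != new:
        findings.append(("gateway_mac_changed", gateway_ip, old, new))
    # 2. One MAC answers for several IPs (the poisoner's own IP plus the gateway's).
    owners = {}
    for ip, mac in current.items():
        owners.setdefault(mac, []).append(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:
            findings.append(("mac_shared", mac, tuple(sorted(ips))))
    return findings

if __name__ == "__main__":
    for finding in find_arp_anomalies(parse_arp_table(BASELINE_ARP),
                                      parse_arp_table(CURRENT_ARP), "192.168.1.1"):
        print(finding)
```

A static ARP entry for the gateway on the client, or dynamic ARP inspection on the switch, prevents the condition this check reports.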
Nice tut... one small point - the exe for backdoor is getting caught by AV as trojan... grrrrr It can escape from half of the AV in Virustotal but .....
__________________
If you can't explain it simply, you don't understand it well enough -- Albert Einstein
Quote:
Thanks! But I'm not using SBD this time around! Plus I don't have any AV running on my target's PC!
evanuz, I use:
Quote:
Quote:
Thanks for the thanks! The music cuts out!? :O *goes and checks*
Edit: Yup - music was missing half way! Re-uploaded (blip.tv and mediafire - links updated!)
Great tutorial and tool but I had a few problems. Was able to get everything up and running no problem using the bt4 pre release but the experience for the user on the target pc was not very seamless.
While testing, I noticed that my target box was taking much longer to load sites (some didn't load at all). Many of the sites would hang with only half the page loaded and in some cases just time out completely. The attack was working and I was seeing my passwords in plaintext but I couldn't get it so that the target machine seemed unchanged. In many attempts I would log into my gmail account, but would never make it to my inbox. It would just hang or take me back to the login screen. Anyone else have this problem?
Quote:
I use a similar attack when the audit team requests access to particular information about a user's browsing habits, it's good to be able to watch their ssl proxy usage sometimes.
__________________
Never underestimate the power of human stupidity - it is like a force of nature, capable of destroying even the most well laid plans.
When SSLstrip 0.2 came out I got a copy from Moxie and wrote a tut here. Even put it on a rogue AP. Props to "DarkOperator" for that script. It was so slow we talked about porting it to C. This was not on pre though. Just BT4 beta. Is SSLstrip (not on a rogue AP) still ULTRA slow?
Onryo
__________________
Let me explain officer, I am not a hacker. I am a security tester of sorts!
Last edited by onryo; 07-14-2009 at 07:47 AM.
Ya I did a write up of running it under airbase .. it's not really a prob with sslstrip but more an airbase limitation as you can't set the mtu size on the alfa card. Other cards should work however
__________________
Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.