[Video] How to: Snifff SSL / HTTPS (sslstrip)

[g0tmi1k]

Absolutely great tutorial!


Wrote earlier I was experiencing some trouble with sslstrip and the Iptables.
NEVERMIND!
I did forward it to --to-ports 10000
changed it to 8080 and now it works great!

Thanks man!

Great to hear you have it working

10x man for the tutorial i rly love it easy simple and effective

Thanks for the thanks, good to hear its working for you.

Thanks for great video!

I have an problem to do this on my new NETGEAR router, all computers who ware connected to this new router gets an IP: 10.0.0.X and the router IP gateway is: 10.0.0.1

Ettercap only find 10.0.0.1 the router default gateway when i scan, the other computers who is connect to it doesnt show up, can't find them. Why's that? Is it to good secured? How will i do to see the other victims who are connected to this router?

Can you verify that you are connected? Can you ping another host on the network? Are you going from wireless to wired? Log in to the router, and have a look at the security settings.

First of all thanks to g0tmi1k for this amazing tutorial !

However I was able to sniff SSL passwords without typing all these commands. All I did was uncomment the 2 lines from /etc/etter.conf then run Ettercap with ARP Poisonning. Then I was able to sniff all ssl passwords without problem. What am I doing wrong ?

2nd question : I hacked my own network (I'm the admin) with Ettercap. Do I need do delete the fake certificates installed on the victim's computer during the test ? If I don't delete them, is it possible for a hacker who breaks into my network to "reuse" these fake certificates ? thanks.

Yes, you can use ettercap to do the MITM rather than using arpspoof like in the video.

It sounds like the issue is that on your target computer, as you have already allow the fake certificate! Hence why it HTTPS. (You have allowed the fake certificate to the expectation list?)
The idea behind SSLStrip is that the target doesn't have to accept the fake certificate, as it removes the certificate all together.
Try using another client or removing the certificate from the expectation, or use a different browser - see if it is still working for you.

This guide doesn't install a fake certificate...
And yes. If you have added it to accept a fake certificate, I'm sure you would be vulnerable. It’s best to remove it ASAP.

I g0t Mi1k!
Thanks a lot for this, took a bit of tweeking to get things going smoothly but in the end everything was peachy! Again, thank you!

So this was my first successful 'hack', if you will! Like I said it took a bit of tweeking to get going, but any bumps I hit were because I lacked a full understanding of what I was doing... So I'm just gonna list off a couple of things I'm uncertain of.

So I'm on my own private address space on my little LAN. Finest.
I'm using Ettercaps GUI, to carry out the ARP spoofing. - failed on my first attempt to execute this in Shell, I'll get back to it later. For now the GUI will suffice.

Our first command:

Code:

echo 1 >/proc/sys/net/ipv4/ip_forward

What exactly is happening here? I examined the file hoping for a hint as to what this is & what it's doing - but to no avail. What kind of file is this?
I'm taking a stab at it what this command does.
Are we simply setting our attacking machine to allow forwarding of any IPs that we intercept?

After that I think I understand whats happening... so ya that's all for now!
Where should my step in security exploits be, any recommendations?

Thanks again g0tMi1k.
Hugs etc etc


P.S.

I tested this out on the following:
Gmail
Hotmail (Cert warning flashed up once after logon.)
(Chrome, page layout distorted after logon)
Vodafone.com
warez-bb

Browsers:
Opera
Chrome
Firefox

All was well.

Code:

echo 1 >/proc/sys/net/ipv4/ip_forward

This enables IP forwarding. This is needed to forward IP packets from one source to another. e.g. From the target to the router! Otherwise they will not have internet access.
The file is either 0 or 1, which disables or enables ip_forwarding and its just a text file

I’m not sure what you mean by

Where should my step in security exploits be, any recommendations?

Thank you for your results regarding which sites you tried and browsers used. Always good to know.

[dehcade]

HI
thnx to g0tMi1k
i have problem with this method
when i use this ,it will be show

[sickness]

HI
thnx to g0tMi1k
i have problem with this method
when i use this ,it will be show

Modify the etter.conf for ettercap, and change the GID and UID to 0

[svalluke]

Thanx g0tmilk
very useful
I have one question, when i use ettercap for all hosts, no body will have an access to internet

Code:

ettercap -TqM ARP:REMOTE // // -i wlan0

but, when specific IP:

Code:

ettercap -TqM ARP:REMOTE /(AP)/ /(victim)/ -i wlan0

works perfect.

any ideas???

[g0tmi1k]

Thanx g0tmilk
very useful
I have one question, when i use ettercap for all hosts, no body will have an access to internet

Code:

ettercap -TqM ARP:REMOTE // // -i wlan0

but, when specific IP:

Code:

ettercap -TqM ARP:REMOTE /(AP)/ /(victim)/ -i wlan0

works perfect.

any ideas???

Check IP forwarding.
You could try using arpspoof instead.

[svalluke]

Check IP forwarding.
You could try using arpspoof instead.

It's not working.... i google it but i get nothing until now ... i will give answer back when i find it

[PeopleInPower]

i’m not sure what you mean by

Where should my step in security exploits be, any recommendations?

thank you for your results regarding which sites you tried and browsers used. Always good to know.

Your welcome!
I was referring to what security exploit I should look into/try next. I guess I'll try some WEP cracking or something along those lines. Gotta get around to familiarize myself with airCrack & the likes!

Again thanks for the vid & all the others you've posted...really nice to have!

[g0tmi1k]

It's not working.... i google it but i get nothing until now ... i will give answer back when i find it

Well, do you get any errors?
Can you see the traffic in wireshark?

Your welcome!
I was referring to what security exploit I should look into/try next. I guess I'll try some WEP cracking or something along those lines. Gotta get around to familiarize myself with airCrack & the likes!

Again thanks for the vid & all the others you've posted...really nice to have!

Sounds like a plan! Best of luck with it and cheers for the feedback =)

[crashover]

good video