Thread: [Video+Tutorial] How to: Crack sniff SSL / HTTPS (sslstrip)

  1. #21
    Snayler

    ty

    Hi g0tmi1k! Thanks for the tutorial, it works great!

  2. #22
    mixit

    Thanks for the great tutorial! Looking forward to trying this after work. Has anyone found a way to avoid the network slowdown that so many people are reporting?

  3. #23

    Didn't work for me, but the target machine was running Ubuntu 9.04. It appears as if Ubuntu simply didn't accept the ARP spoof. However if I reversed the arp spoof (arpspoof -i wlan0 -t 192.168.1.1 192.168.1.100), the target machine couldn't reach the network (obviously, since the router attempted to route traffic from the target to my attacking machine).

    Is Ubuntu just not susceptible to this type of attack, or am I doing something wrong?

  4. #24
    Gitsnik

    Quote, originally posted by VillageIdiot:
    > Didn't work for me, but the target machine was running Ubuntu 9.04. It appears as if Ubuntu simply didn't accept the ARP spoof. However if I reversed the arp spoof (arpspoof -i wlan0 -t 192.168.1.1 192.168.1.100), the target machine couldn't reach the network (obviously, since the router attempted to route traffic from the target to my attacking machine).
    >
    > Is Ubuntu just not susceptible to this type of attack, or am I doing something wrong?

    Sounds like you didn't pass the packet forward through your machine.

    Try typing "arp -a" on your Ubuntu machine to see if the MAC changes before and then during the spoof.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  5. #25
    mixit

    Thanks

    Thanks for the great tutorial! Followed this tutorial exactly and it worked seamlessly. No error messages appeared on the target computers and there was very little network slowdown. Also I tried setting 192.168.1.255 as the target and I was able to retrieve passwords from the entire network.

    The target machines I tested against included a Vista laptop with Mozilla 3.0 and an XP desktop SP3 with Mozilla 3.0.

  6. #26

    Cool tutorial !!

    Now I'm worried. I go to internet cafes often.

    1. Is there any way to detect if someone is ARP spoofing my traffic (assuming I'm the victim)?
    2. As suggested in a previous post, can someone capture all wifi traffic and later decrypt, replay on i lo and get the username and passwords? If so, does the victim have any tools to prevent this?

  7. #27
    Snayler

    Quote, originally posted by sylvestor2002:
    > Cool tutorial !!
    >
    > Now I'm worried. I go to internet cafes often.
    >
    > 1. Is there any way to detect if someone is ARP spoofing my traffic (assuming I'm the victim)?
    > 2. As suggested in a previous post, can someone capture all wifi traffic and later decrypt, replay on i lo and get the username and passwords? If so, does the victim have any tools to prevent this?

    1. Yes, I use "cc get mac address", but on Windows. It scans the network for MACs and IPs, and if a MAC associated with an IP changes, it changes color. It's an automatic scanner, so you don't have to push "scan" every time. But it won't warn you with messages, pop-ups or ring sounds; you have to watch it now and then. Haven't tried it yet, so I don't know if it works.

    2. Yes, you can use airodump-ng to capture packets and airdecap-ng to decrypt them later if the network is protected, but it will only catch unencrypted usernames and passwords, not SSL-encrypted ones. There's nothing you can do to prevent this if you connect to an insecure/WEP-protected network. And even on a WPA network, if the attacker has access to the network, he can sniff data with airodump-ng. But normally, only unimportant sites have insecure logins.

    Hope it helps

  8. #28

    Ettercap already has MITM attack features (arp, icmp, dns, etc.), no need to use arpspoof for this.

    Code:
    ettercap -T -i INTERFACE -M arp:remote /TARGET1/ /TARGET2/

    or something similar to 'redirect' connections between TARGET1 and TARGET2 to pass through you. (If you leave TARGET1 and TARGET2 empty it will try to spoof the whole network.)
    Perhaps it is interesting to use the "-P autoadd" argument so that the autoadd plugin is loaded automatically. This adds any new host on the network to the spoofing list.

    To save the packets run ettercap with the -w or -L mode to log, or just check the damn documentation using

    Code:
    man ettercap

    @sylvestor2002
    ettercap has various plugins to see if someone has an interface running in promiscuous mode (capturing packets), spoofing addresses or any other conspicuous network activity.

    Note:
    One of my experiments was to execute a DHCP spoof attack (you become the network's DHCP server) to set my machine as the local DNS server, which reroutes requests to the original DNS server.

    With this you can run metasploit in fakeDNS mode and use various information capturing techniques and try SMBrelay attacks.

  9. #29
    Snayler

    Quote, originally posted by Snakerdlk:
    > @sylvestor2002
    > ettercap has various plugins to see if someone has an interface running in promiscuous mode (capturing packets), spoofing addresses or any other conspicuous network activity.

    Yes, agreed. But I wouldn't rely too much on that plugin. There is also arpwatch, although I've never tried it. To download it:

    # apt-get install arpwatch

    And XArp for Windows, Google for it.

    EDIT: Found an interesting thread on detection and prevention of ARP spoofing:

    Detecting/Preventing ARP Spoofing:

    We have several options on how to detect this type of attack. First you can manually set the MAC address so that when your computer receives an ARP packet it will ignore it. Manually setting is a pain but is probably the easiest method. You can add a static entry by typing 'arp -s IP address MAC address' in Windows or Linux.

    You could also run a program by Irongeek called DecaffeinatID. What this program does is monitor your ARP cache and notify you of any additions and any changes. If it detects an ARP spoofing attack it will alert you. DecaffeinatID is a Windows-based program.
    Linux has several programs that you can use to detect ARP spoofing on your computer, one being ARPon. I couldn’t get this to work on my machine, but it says it does more than detection, it will prevent it from happening. You can also use Ettercap to detect ARP spoofing (both on Linux and Windows), and ARPWatch.

    A few other solutions would be to encrypt all traffic on your network with IPSec or something similar. You could also implement DHCP spoofing; with it you can configure your switches to only allow certain MAC addresses to have access to the network, not the best solution because MAC addresses can be changed, but it adds another layer of complexity. And finally install an IDS/IPS system like Snort.
    If your network happens to have Cisco equipment you can turn on ARP Inspection. [...]

    ARP spoofing is not a major problem with large companies, mainly because in order to perform this attack you must have physical access to their network, either via wired or wireless. It can be a problem with home users who have a laptop and bring it to their local coffee shop and surf the internet.
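
Added example, not written by any poster in this thread: the "arp -a" before/during comparison suggested in post #24, automated in Python so that a changed gateway MAC or a MAC shared by several IPs is reported. The snapshots, MAC addresses and function names are constructed for this example; the parser assumes the Linux net-tools "arp -a" output format.

```python
import re

# Matches net-tools "arp -a" lines such as:
#   ? (192.168.1.1) at 02:00:00:aa:bb:01 [ether] on wlan0
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+"
    r"(?P<mac>[0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2}){5})\b")

def parse_arp(text):
    """Return {ip: mac}; <incomplete> entries are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            # Zero-pad and lowercase so 0:1A:.. equals 00:1a:..
            octets = m["mac"].split(":")
            table[m["ip"]] = ":".join(f"{int(o, 16):02x}" for o in octets)
    return table

def find_spoof_signs(before, during):
    """Compare two snapshots; return sorted (kind, ip, detail) tuples."""
    findings = []
    owners = {}
    for ip, mac in during.items():
        owners.setdefault(mac, []).append(ip)
        old = before.get(ip)
        if old and old != mac:  # known IP now answers from a new MAC
            findings.append(("mac-changed", ip, f"{old} -> {mac}"))
    for mac, ips in owners.items():
        if len(ips) > 1:  # one MAC claims several IPs, e.g. gateway + host
            findings.extend(("shared-mac", ip, mac) for ip in ips)
    return sorted(findings)

# Constructed sample data: MACs are made up (locally administered range).
BEFORE = """\
? (192.168.1.1) at 02:00:00:aa:bb:01 [ether] on wlan0
? (192.168.1.71) at 02:00:00:aa:bb:47 [ether] on wlan0
? (192.168.1.50) at <incomplete> on wlan0
"""
DURING = """\
? (192.168.1.1) at 02:00:00:aa:bb:47 [ether] on wlan0
? (192.168.1.71) at 02:00:00:aa:bb:47 [ether] on wlan0
"""

if __name__ == "__main__":
    for kind, ip, detail in find_spoof_signs(parse_arp(BEFORE), parse_arp(DURING)):
        print(f"{kind:12} {ip:15} {detail}")
```

A shared MAC is a hint rather than proof, since a host with several addresses or a proxy-ARP router produces it too; the gateway's MAC changing to that of another host on the LAN is the stronger signal.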

  10. #30

    Hi,
    when I try arpspoof I'm getting an error message:
    arpspoof: couldn't arp for host 192.168.1.71
    I put my own IP (I'm using VMware).
    I tried to put another host on my network and got the same message.
    Any help??
