[Video+Tutorial] How to: Snifff SSL / HTTPS (sslstrip)

**imported_g0tmi1k** · 07-10-2009, 05:47 PM

Please read:
http://forums.remote-exploit.org/bac...-sslstrip.html

Thanks

**Antec** · 10-09-2009, 09:43 PM

Enjoyed the video!

You have the "Targets IP" as 192.168.1.6. I am assuming this means that this is the IP of the computer being "attacked"

So I put in 192.168.0.103 (the target computers IP). Everything is good until the end result. I get:

Listening on wlan0... (Ethernet)

wlan0 -> (my mac address) 192.168.x.x (<- my IP) 255.255.255.0

So, am I sniffing myself? Even though I put in 192.168.0.103 and 192.168.1.1 as the command? When I click yahoo and try logging in nothing appears in the Konsole in shell #3.

How do you know if wlan0 is the correct word. How do you find this out? Maybe I need wlan1 or wlan2. Hope that made sense.

When you type "clean" what are you pressing after? I tried to type clean but all I got was "command not found" So I am assuming you are hitting shortcut keys to clear the konsole.

EDIT: I was able to get correct results on a LAN using eth0. Note: That ended up not seeing my own MAC address and got a different IP address.

Target: 192.168.1.111
It says im sniffing 192.168.1.210

Weird, but it worked! Now if only I could do it wireless. Should be the same thing just switch eth0 to wlan0, right?

**nokuku4u** · 10-12-2009, 07:07 AM

Good. Now what are some ways that we could prevent this from happening? I was thinking a long the line of; firewall rules for private ip addresses that would whitelist only needed ports for LAN communication. Or, walk over to the next cubicle and punch an innocent employee instead of wasting precious monitor and/or keyboard.

**makabrys** · 11-08-2009, 01:41 PM

nice thanks i will try .//

BackTrack Linux - Penetration Testing Distribution

Thread: [Video+Tutorial] How to: Snifff SSL / HTTPS (sslstrip)

Thread Tools

Search Thread

Display

[Video+Tutorial] How to: Snifff SSL / HTTPS (sslstrip)

Posting Permissions