Man In The Middle Attack - SSL Hacking


One of the most successful ways of gaining information such as passwords and user IDs on a LAN (local area network) is through man-in-the-middle (MITM) attacks. I will not go too deep into man-in-the-middle attacks, but in simple words it can be explained as an attacker or a hacker listening to all the information sent between the client and the server. To prevent these kinds of attacks, email providers started using Hypertext Transfer Protocol Secure (HTTPS). It is a combination of the Hypertext Transfer Protocol (HTTP) with the SSL (Secure Sockets Layer) protocol to provide encrypted communication between the client and the server. So when a hacker carries out a MITM attack, the victim is cautioned with an invalid SSL certificate warning.



In this tutorial I will teach how to carry out a successful MITM attack.

Concept :-

We know that HTTP (Hypertext Transfer Protocol) simply sends all the information in plain text. So if we make the victim use HTTP instead of HTTPS to connect to sites like Gmail and PayPal, we will be able to carry out a successful MITM attack without causing any suspicion. To do this we are going to use a tool called SSL strip.

Things we need

1. SSL strip: You can search Google for SSL strip; it comes in both Windows and Linux versions. I will be using the Windows version in this tutorial.

2. Ettercap to carry out MITM attacks

Demonstration :-

1. Open SSL strip and fill in all the required information for arpspoof, network, SSL strip and change data. If you don't know what to enter, simply click auto check. Remember to check that HTTPS to HTTP is included in Change data, then click OK.



2. Now select the victim's IP and click open.


3. Now open Ettercap, go to Sniff - Unified sniffing, select your network interface and click OK.



4. Now select Hosts - Scan hosts. Once scanning is completed, open the host list from the Hosts tab. Now select the IP address of the router as target 1 and the victim's IP as target 2.



5. Now select Mitm - ARP poisoning and click OK as shown.



6. Finally select Start - Start sniffing. Now when the victim logs into Gmail he will be using HTTP and not HTTPS. Hence we are able to get the user ID and passwords as shown below.



Counter measures:

1. Whenever you perform an online transaction such as a credit card payment, bank login or email login, always ensure that you use HTTPS.

2. Always check the SSL certificate before doing an online transaction
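Steps 4 and 5 rely on ARP poisoning, which shows up on the victim machine as the router's IP address resolving to the same MAC address as another host. The check below is an added example, not part of the original article: it parses Windows `arp -a` output and flags that condition. The sample output is constructed, and 192.168.1.1 being the router is an assumption.

```python
import re

# Constructed sample of Windows `arp -a` output (not captured from a real network).
# 192.168.1.1 is assumed to be the router; 192.168.1.66 shares its MAC, which is
# what a poisoned cache looks like from the victim's side.
SAMPLE_ARP = """\
Interface: 192.168.1.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-0c-29-5e-aa-10     dynamic
  192.168.1.40          3c-52-82-11-9f-02     dynamic
  192.168.1.66          00-0c-29-5e-aa-10     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2})\s+(\w+)",
    re.I | re.M,
)

def normalise(mac):
    """Lower-case a MAC and use ':' separators so entries compare equal."""
    return mac.lower().replace("-", ":")

def parse_arp(text):
    """Return {ip: mac} for dynamic entries only (static/broadcast are skipped)."""
    return {ip: normalise(mac)
            for ip, mac, kind in ENTRY.findall(text)
            if kind.lower() == "dynamic"}

def check_gateway(table, gateway_ip, known_gateway_mac=None):
    """Return findings suggesting the gateway's ARP entry has been poisoned."""
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        return ["gateway %s not in ARP cache" % gateway_ip]
    findings = []
    # A MAC recorded while the network was known to be clean is the strongest check.
    if known_gateway_mac and gw_mac != normalise(known_gateway_mac):
        findings.append("gateway MAC is %s, expected %s"
                        % (gw_mac, normalise(known_gateway_mac)))
    # Two IPs answering with one MAC: the second is usually the poisoning host.
    sharers = sorted(ip for ip, mac in table.items()
                     if mac == gw_mac and ip != gateway_ip)
    if sharers:
        findings.append("gateway MAC %s also claimed by %s"
                        % (gw_mac, ", ".join(sharers)))
    return findings

if __name__ == "__main__":
    for finding in check_gateway(parse_arp(SAMPLE_ARP), "192.168.1.1"):
        print(finding)
```

On a real machine, feed the function the output of `arp -a` and the router's MAC address as recorded when the network was known to be clean.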

About The Author

This article is written by John Jeffery. He is the owner of Hackholic, where he writes security-related articles. If you are interested in writing a guest post on RHA, kindly read the guidelines here.

12 comments:

Anonymous said...

I am unable to find the SSL strip Windows version :(
Can you tell me a link?

Anonymous said...

Hey Rafay, I am Karan Chauhan, owner of www.krackoworld.tk, and submitted an article to your email, plz check it or publish ...

thanks

vs4vijay on March 5, 2011 at 10:48 PM said...

Where can i get that GUI Version of SSLStrip...
I Googled It...Nothing Found on GUI..
Can i have Link???

itsallpartoftheplan on March 6, 2011 at 12:15 PM said...

Few things
1. It's SSL, not SLL
2. The entire use of SSLstrip depends on a successful ARP spoof (using something like arpspoof) which you haven't even touched on. Without arpspoof, it won't even work.
3. There are tried and tested ways of beating ARP flooding or spoofing.

itsallpartoftheplan on March 6, 2011 at 12:18 PM said...

All that ettercap does is capture packets. If you are in a switched (as against hubs) network, capturing packets will not give u a wide net. Which is why you need arpspoof to bring larger amount of traffic to your system.

PS: I doubt you will approve this :-/

Rafay Baloch on March 7, 2011 at 8:07 AM said...

@Sandip Dev

1. Yes, spelling mistake

2. The author has covered ARP spoofing in step 1.

step 1- Open SSL strip and fill in all the required information for arpspoof, network, ssl strip, change data. If you don't know what to enter simply click auto check, remember to check if HTTPS to HTTP is included in Change data, finally click OK

The author told to enter the information for arpspoof and also mentioned that if you don't know what to enter simply click auto check which gives u the default settings

Anonymous said...

So where do you find the windows version of the SSLStrip software.
Or what search string should I use?
All I could find is the Linux version.

Just for Fun on March 14, 2011 at 1:34 AM said...

thanks mate

Anonymous said...

Rafay, can you please tell me, can my ISP track my internet activity if I am using an elite proxy without SSL support? I presume that they cannot track me if I am using an SSL proxy... Am I right?

Wildcard SSL on January 31, 2012 at 10:41 PM said...

The SSLStrip works by watching http traffic, then by acting as a proxy when a user attempts to initiate an https session. While the user believes the secure session has been initiated, and SSLStrip has connected to the secure server via https, all traffic between the user and SSLStrip is http. The SSLStrip replaces all links with https:// in the page with http://. Warnings usually displayed by the browser don't appear and the session appears normal to the end-user.
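The link rewriting described in the comment above can be detected by comparing a page as received on a network against a known-good copy of the same page. This is an added example, not part of the comment or of the original article; the pages and the `example.com` host names are constructed.

```python
from html.parser import HTMLParser

# Constructed pages: BASELINE is the login page as the site serves it,
# RECEIVED is the same page as seen from the network being checked.
BASELINE = """<html><body>
<a href="https://mail.example.com/help">Help</a>
<form action="https://accounts.example.com/login" method="post">
<input type="text" name="user"><input type="password" name="pw">
</form></body></html>"""
RECEIVED = BASELINE.replace("https://", "http://")

class LinkCollector(HTMLParser):
    """Collects URL-bearing attributes and notes whether a password field exists."""
    def __init__(self):
        super().__init__()
        self.urls = set()
        self.has_password_field = False

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "action", "src") and value:
                self.urls.add(value.strip())
            if tag == "input" and name == "type" and (value or "").lower() == "password":
                self.has_password_field = True

def collect(html):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return parser

def downgraded_links(baseline_html, received_html):
    """Return baseline https:// URLs that arrive only as http:// in the received copy."""
    base, got = collect(baseline_html).urls, collect(received_html).urls
    return sorted(u for u in base
                  if u.lower().startswith("https://")
                  and "http://" + u[8:] in got and u not in got)

def assess(baseline_html, received_html, received_over_https):
    """Return findings for a page fetched from the network under test."""
    findings = ["downgraded: " + u
                for u in downgraded_links(baseline_html, received_html)]
    if collect(received_html).has_password_field and not received_over_https:
        findings.append("password field delivered over plain HTTP")
    return findings

if __name__ == "__main__":
    print("\n".join(assess(BASELINE, RECEIVED, received_over_https=False)))
```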

Getsuga Tensho on February 22, 2013 at 10:53 PM said...

@rafay, even you don't know where to get the GUI of SSL strip for Windows.. do you? :D

Dare to ask? :)
