Hacker, Researcher and Author.

Man In The Middle Attack - SSL Hacking

One of the most successful way of gaining information such as passwords,user ids etc in LAN (local area network) is through man in the middle attacks . I will not be going to deep into Man in the middle attacks, but in simple words it can be explained as attacker or a hacker listening to all the information sent in between the client and the server .To prevent these kind of attacks Email providers started using Hypertext Transfer Protocol Secure (HTTPS) It is a combination of the Hypertext Transfer Protocol(HTTP) with SSL (Secure socket layer )protocol to provide encrypted communication between the client and the server .So when a hacker caries out a Mimt attack the victim is cautioned with a invalid SSL Certificate



In this tutorial I will teach how to carry out a successful Mitm attack

Concept :-

We Know that HTTP (Hypertext Transfer Protocol )simply sends all the information through plain text .So if we make the victim use HTTP instead of HTTPS to connect sites like Gmail , Pay pal. we will be able to carry out a successful Mitm attack with out causing any suspicion To do this we are going to use a tool called SSL strip

Read More: What is SSL(Secure Socket Layer)

Thing we Need

1. SSL strip: You can search Google for SSL strip it comes both in windows and Linux versions . I will be using the windows version in this tutorial

2. Ettercap to carry out mitm attacks

Demonstration :-

1. Open SSL strip and fill in all the required information for arpsoof, network ,ssl strip, change data .If you don’t know what to enter simply click auto check . remember to check if HTTPS to HTTP is included in Change data , finally click ok



2. Now select the victim’s IP and click open


3. Now open ettercap go to sniff -unsniffed sniffing and select your network interface and click ok 



4. Now select hosts-scan hosts .Once scanning is completed .Open host list from hosts tab .Now select the IP address of the router as target 1 and the victims IP as target 2



5. Now select mitm-arp poisoning and click ok as shown



6. Finally select start-start sniffing .Now when the victim logs into gmail he will be using HTTP and not HTTPS Hence we are able to get the User id ,passwords as shown below



Counter measures:

1. whenever you perform an online transaction such as Credit card payment, Bank login or Email login always ensure that you Use HTTPS

2. Always check the SSL certificate before doing an online transaction

About The Author

This article is writen by John Jeffery, He is the owner of Hackholic where he writes security related stuffs, If you are interested in writting a guest post on RHA, Kindly read the guidelines here

12 comments:

  1. i am unable to find SSL strip windows version :(
    can you tell me a link ?

    ReplyDelete
  2. hey rafay, i am karan chauhan owner of www.krackoworld.tk and submitted a article to your email , plz check it or publish ...

    thanks

    ReplyDelete
  3. Where can i get that GUI Version of SSLStrip...
    I Googled It...Nothing Found on GUI..
    Can i have Link???

    ReplyDelete
  4. Few things
    1. It SSL not SLL
    2. The entire use of SSLstrip depends on a successful ARP spoof (using something like arpspoof) which you havent even touched on. Without arpspoof, it won't even work.
    3. There are tried an tested ways of beating ARP flooding or spoofing.

    ReplyDelete
  5. All that ettercap does is captures packets. If you are in a switched(as against hubs) network, capturing packets will not give u a wide net. Which is why you need arpspoof to bring larger amount of traffic to your system.

    PS: I doubt you will approve this :-/

    ReplyDelete
  6. @Sandip Dev

    1.Yes Spelling mistake

    2.The author has done about ARP Spoofing in step 1.

    step 1- Open SSL strip and fill in all the required information for arpsoof, network ,ssl strip, change data .If you don’t know what to enter simply click auto check, remember to check if HTTPS to HTTP is included in Change data , finally click OK

    The author told to enter the information for arpspoof and also mentioned that if you don’t know what to enter simply click auto check which gives u the default settings

    ReplyDelete
  7. So where do you find the windows version of the SSLStrip software.
    Or what search string should I use?
    All I could find is the Linux version.

    ReplyDelete
  8. i am unable to find SSL strip windows version :(
    can you tell me a link ?

    ReplyDelete
  9. Rafay, can you please tell me can my ISP track my internet activity if I using elite proxy without ssl support? I presume that they can not track me if I using ssl proxy... Am i right?

    ReplyDelete
  10. The SSLStrip works by watching http traffic, then by acting as a proxy when a user attempts to initiate
    an https session. While the user believes the secure session has been initiated, and SSLStrip has connected to the secure server via https, all traffic between the user and SSLStrip is http. The SSLStrip replaces all links with https:// in the page with http://. Warnings usually displayed by the browser don’t appear and the session appears normal to the end-user.

    ReplyDelete
  11. @rafay, even you dont know where to get the GUI of SSL strip for windows.. do you? :D

    ReplyDelete

© 2016 All Rights Reserved by RHA Info Sec. Top

Contact Form

Name

Email *

Message *

Powered by Blogger.