
Using sslstrip to conduct a man-in-the-middle attack - Mastering K... https://learning.oreilly.com/library/view/mastering-kali-linux/978...

Mastering Kali Linux for Advanced Penetration Testing - Second Edition

1 of 11 29/01/2019, 00:52

Using sslstrip to conduct a man-in-the-middle attack

Despite the security offered by SSL protection, there are some effective attacks against the protocol. In 2009, Moxie Marlinspike demonstrated sslstrip, a tool that transparently hijacks the HTTP traffic on a network and redirects the traffic to look like HTTP or HTTPS links. It removes the SSL protection and returns the secured lock icon to the victim's browser so that the interception cannot be readily detected.

In short, sslstrip launches a man-in-the-middle attack against SSL, allowing the previously secured data to be intercepted.

To use sslstrip, you must first configure the intercept system into the forwarding mode using the following command:

root@kali:~# echo "1" > /proc/sys/net/ipv4/ip_forward

Next, set up the iptables firewall to redirect the HTTP traffic to sslstrip using the following command:

root@kali:~# iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenport>

In this example, the listening port has been set to port 5353.

Now that the configuration is complete, run sslstrip using the following command:

root@kali:~# sslstrip -l 5353

The execution of the previous commands is shown in the following screenshot:


Minimize the active terminal window that is executing sslstrip, and open a new terminal window. Use ettercap to spoof ARP and redirect the traffic from the network or target system directly to the intercepting system using the following command:

root@kali:~# ettercap -TqMarp:remote /192.168.75.128/ /192.168.75.2/

Here, the ettercap -T switch selects the text-only interface, -q forces the console into the quiet mode, and the -M option activates the man-in-the-middle attack to hijack and redirect data packets. The arp:remote switch implements the ARP poisoning attack and places the attacker as a man-in-the-middle with the ability to view and modify packets in the transmission. The remote portion of the switch is required if you want to view the remote IP addresses and communications that pass through a gateway.

The execution of the previous command is shown in the following screenshot:

If the target system goes to access SSL-secured content, their queries are
directed through the gateway to the intercepting system.

From the user's perspective, they will be directed to the site and presented with a "There is a problem with the site's security certificate" security alert, prompting them with a decision to proceed. If they select Yes, they will be directed to their selected page. The lock icon in the lower-right corner of the browser will still indicate that SSL is engaged, indicating that their communications are secure.

In the background, the sslstrip tool removes SSL, leaving raw content that can be viewed in the ettercap log, as shown in the following screenshot:

This attack is only effective from the same Layer 2 network segment. However, it is successful on both wired and wireless networks. Although the ARP redirect can be applied against a network segment, such an attack will impact the network bandwidth, which may be detected. Therefore, it is most effective to direct this attack against single devices.
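
The ARP redirect described above also leaves a trace in the neighbour cache of the affected host: the gateway's IP resolves to a MAC address that another IP on the segment is using as well. The following check is an added example, not taken from the book; it parses `ip neigh show` output, and the MAC addresses and every host other than 192.168.75.2 in the sample are constructed.

```shell
#!/bin/sh
# Added example: flag neighbour-cache entries where one MAC answers for several IPs.

# Constructed sample in `ip neigh show` format (not captured from a real host).
sample_neigh() {
cat <<'EOF'
192.168.75.2 dev eth0 lladdr 00:0c:29:aa:bb:cc REACHABLE
192.168.75.130 dev eth0 lladdr 00:0c:29:aa:bb:cc STALE
192.168.75.1 dev eth0 lladdr 00:50:56:c0:00:08 REACHABLE
192.168.75.254 dev eth0 FAILED
fe80::20c:29ff:feaa:bbcc dev eth0 lladdr 00:0c:29:aa:bb:cc STALE
EOF
}

# Reads `ip neigh show` lines on stdin and prints "MAC ip1,ip2,..." for every
# MAC bound to more than one IPv4 address. Proxy ARP and multi-homed hosts can
# share a MAC legitimately, so treat a hit as a lead to investigate.
shared_macs() {
    awk '
    $1 ~ /:/ { next }                     # skip IPv6 neighbours
    {
        mac = ""
        for (i = 1; i < NF; i++) if ($i == "lladdr") mac = tolower($(i + 1))
        if (mac == "") next               # FAILED/INCOMPLETE entries carry no MAC
        if (mac in ips) ips[mac] = ips[mac] "," $1; else ips[mac] = $1
        count[mac]++
    }
    END { for (m in count) if (count[m] > 1) print m, ips[m] }
    '
}

# Exit status 0 if the given gateway IP shares its MAC with another host.
gateway_is_shared() {
    gw="$1"
    shared_macs | awk -v gw="$gw" '
        { n = split($2, a, ","); for (i = 1; i <= n; i++) if (a[i] == gw) hit = 1 }
        END { exit !hit }'
}

# Demonstration on the constructed sample; on a live host use: ip -4 neigh show | shared_macs
sample_neigh | shared_macs
```
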


To disable the PREROUTING rule, replace -A with -D. To clear the firewall rules, use iptables -t nat -F to flush the rules and iptables -t nat -L to verify that the tables have been cleared.
