Friday, October 3, 2014

Using sslsniff

Testing how well your website holds up under an SSL MITM (Man-In-The-Middle) attack requires a capable tool. sslsniff and sslstrip, both written by Moxie Marlinspike, can help us do this. Both tools are great, but today I will be covering sslsniff, as it is the more advanced and easier tool to use.

Requirements
- Kali Linux or BackTrack
- If you don't have either of the above, any Linux distro will work, but it will require some extra work, such as adding the repositories and installing the tools yourself

Directions
Kali Linux:
1) If you have Kali Linux, navigate to the top left of your screen, select "Applications" and click on "Kali Linux".
2) Under "Kali Linux", you should find "Sniffing/Spoofing", and under that "sslsniff".
3) When the terminal prompt opens, make sure you are running as root so that all of the following commands can be executed at system level.
4) Now you must enable IP forwarding in the kernel, so that traffic from the victim passes through your machine instead of being dropped (this is what makes the arpspoof step, discussed later, work). Type in this command:
echo 1 > /proc/sys/net/ipv4/ip_forward

5) Next you should set up a rule in iptables, the very flexible Linux firewall, to intercept all SSL traffic. This rule redirects every forwarded connection to port 443 onto the port where sslsniff is listening, so that sslsniff can capture those packets. Type in this command:
iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports <$listenPort>
Where it says <$listenPort>, put the port that will receive these connections (the same port you start sslsniff on). Try 999 if you do not know what to put.

6) Now that you have finished with iptables, you must start arpspoof. arpspoof tricks the victim's computer into believing that your machine is the gateway, so that it sends all of its outbound traffic to you instead. To do this, type in this command:
arpspoof -i eth0 -t (victim IP address) (gateway/router address)
The -i option is the interface you are using. This does not have to be eth0; it could be wlan0 or wlan1. The -t option is the target (victim) IP address, and the last argument is the gateway address. Make sure not to include the parentheses.
7) You should now start receiving traffic from the victim's computer, both in your terminal and in the log file you specified when starting sslsniff.

Conclusion
This tool helps show the weaknesses of relying on SSL and how you are not fully safe on the internet. Sites that are not vulnerable to this attack are sites that use Forced HTTPS. These sites, such as Google.com and Gmail.com, do not accept plain HTTP and force all connections to use HTTPS.
