Tuesday, October 27, 2009

How to sniff HTTPS / SSL!

What is this?
This video shows that using SSL encryption doesn't make it any more secure. Proof of this is seen by showing my web-based email (Google Mail) & online bank (PayPal) password...

How does this work?
> A 'Man In The Middle' attack is performed, so all the traffic flows through the attacker.
> HTTP traffic on port 80 is picked out and redirected / forwarded onto a different port.
> SSLStrip listens on that port and removes the SSL connection before passing the traffic back to the user.
> ettercap then picks out the username & password.
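
Seen from the target's side, the first step above leaves a trace in the ARP cache: the gateway's IP resolves to the attacker's MAC. The check below is an added example, not part of the original post. It parses `arp -an` output for that sign; the MAC addresses, 192.168.1.7 and the function names are made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `arp -an` output on the target (192.168.1.6) while its
# cache is poisoned. The MAC addresses and 192.168.1.7 are made up.
SAMPLE_ARP_OUTPUT = """\
? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.7) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.20) at <incomplete> on eth0
? (192.168.1.30) at AA:BB:CC:00:00:30 [ether] on eth0
"""

ENTRY = re.compile(
    r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ((?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2})\b", re.I)

def normalise_mac(mac):
    """Lower-case and zero-pad each octet so 0:1A:... equals 00:1a:..."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def parse_arp_cache(text):
    """Return {ip: mac} for resolved entries; '<incomplete>' lines are skipped."""
    return {ip: normalise_mac(mac) for ip, mac in ENTRY.findall(text)}

def check_gateway(cache, gateway_ip, known_gateway_mac=None):
    """Return findings that suggest the gateway's ARP entry has been spoofed."""
    gw_mac = cache.get(gateway_ip)
    if gw_mac is None:
        return ["gateway %s has no resolved ARP entry" % gateway_ip]
    findings = []
    # Check 1: compare with the router's real MAC, recorded out of band.
    # This still fires when the attacker's own IP is not in the cache.
    if known_gateway_mac and gw_mac != normalise_mac(known_gateway_mac):
        findings.append("gateway %s is at %s, expected %s"
                        % (gateway_ip, gw_mac, normalise_mac(known_gateway_mac)))
    # Check 2: another host answering with the same MAC as the gateway.
    by_mac = defaultdict(list)
    for ip, mac in cache.items():
        by_mac[mac].append(ip)
    sharing = sorted(ip for ip in by_mac[gw_mac] if ip != gateway_ip)
    if sharing:
        findings.append("gateway %s shares MAC %s with %s"
                        % (gateway_ip, gw_mac, ", ".join(sharing)))
    return findings

if __name__ == "__main__":
    cache = parse_arp_cache(SAMPLE_ARP_OUTPUT)
    for finding in check_gateway(cache, "192.168.1.1", "00:aa:bb:cc:dd:01"):
        print("ALERT:", finding)
```

A shared MAC can also be legitimate (for example a router holding several addresses), so treat the second finding as a prompt to investigate rather than as proof.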

What do I need?
> sslstrip
> arpspoof
> ettercap
*all in BackTrack 4 Pre Final*

Commands:
Target's IP: 192.168.1.6
Gateway: 192.168.1.1

Notes:
You could save the packets instead, and then look through them later, in case ettercap doesn't pick up the information you need!

Links
Stream Video: http://blip.tv/file/2345515
Download Video: http://www.mediafire.com/download.php?jzt2kmmdzzr
Commands: http://pastebin.com/f2b34793e
