Man In The Middle Attack - SSL Hacking

One of the most successful way of gaining information such as passwords,user ids etc in LAN (local area network) is through man in the middle attacks . I will not be going to deep into Man in the middle attacks, but in simple words it can be explained as attacker or a hacker listening to all the information sent in between the client and the server .To prevent these kind of attacks Email providers started using Hypertext Transfer Protocol Secure (HTTPS) It is a combination of the Hypertext Transfer Protocol(HTTP) with SSL (Secure socket layer )protocol to provide encrypted communication between the client and the server .So when a hacker caries out a Mimt attack the victim is cautioned with a invalid SSL Certificate



In this tutorial I will teach how to carry out a successful Mitm attack

Concept :-

We Know that HTTP (Hypertext Transfer Protocol )simply sends all the information through plain text .So if we make the victim use HTTP instead of HTTPS to connect sites like Gmail , Pay pal. we will be able to carry out a successful Mitm attack with out causing any suspicion To do this we are going to use a tool called SSL strip

Read More: What is SSL(Secure Socket Layer)

Thing we Need

1. SSL strip: You can search Google for SSL strip it comes both in windows and Linux versions . I will be using the windows version in this tutorial

2. Ettercap to carry out mitm attacks

Demonstration :-

1. Open SSL strip and fill in all the required information for arpsoof, network ,ssl strip, change data .If you don’t know what to enter simply click auto check . remember to check if HTTPS to HTTP is included in Change data , finally click ok



2. Now select the victim’s IP and click open


3. Now open ettercap go to sniff -unsniffed sniffing and select your network interface and click ok



4. Now select hosts-scan hosts .Once scanning is completed .Open host list from hosts tab .Now select the IP address of the router as target 1 and the victims IP as target 2



5. Now select mitm-arp poisoning and click ok as shown



6. Finally select start-start sniffing .Now when the victim logs into gmail he will be using HTTPand not HTTPS Hence we are able to get the User id ,passwords as shown below



Counter measures:

1. whenever you perform an online transaction such as Credit card payment, Bank login or Email login always ensure that you Use HTTPS

2. Always check the SSL certificate before doing an online transaction

1 comment:

  1. No NameJune 20, 2020 at 8:10 PM

    Hi Everyone!

    We have USA fresh & Verified SSN Leads with best connectivity score
    All info checked & genuine

    Info in LEADS
    First Name | Last Name | SSN | Dob | DL Number |Address | State | City | Zip | Phone Number | Account Number | Bank NAME

    *Price for SSN lead $2
    *You can ask for sample before any deal
    *If anyone buy in bulk, we can negotiate
    *Sampling is just for serious buyers

    ==>ACTIVE & FRESH CC FULLZ ALSO AVAILABLE<==
    ->$5 PER EACH

    LIMITED DATA AVAILABLE
    ->Hope for the long term deal
    ->Interested buyers contact me fast

    Whatsapp > +923172721122
    Email > leads.sellers1212@gmail.com
    Telegram > @leadsupplier
    ICQ > 752822040

    ReplyDelete

Subscribe to: Post Comments (Atom)