SSLStrip on Windows - White Paper

  • Uploaded by: Nilesh Kumar
  • May 2020

Nilesh Kumar nileshkumar83.blogspot.com

SSLStrip on Windows

Abstract

This paper demonstrates SSL hacking using the SSLStrip tool. There are many articles on the topic, but all of them perform it on a Unix machine. This paper shows how to run the SSLStrip tool on Windows and hijack SSL successfully.

The Problem

Since all the articles cover performing this in a Unix environment, the main problem I faced during the experiment was getting equivalents of the Unix commands. This was a tough task, as Windows does not support most of the commands, and there were almost no equivalents in the case of Windows as it is not open source.

The Steps

There are mainly four steps to perform the experiment:

  • Turn your machine into forwarding mode.
  • Set up iptables to redirect HTTP traffic to sslstrip.
  • Run sslstrip.
  • Run arpspoof to convince a network they should send their traffic to you.

What is SSLStrip

SSLStrip works by watching HTTP traffic, then acting as a proxy when a user attempts to initiate an HTTPS session. While the user believes the secure session has been initiated, and SSLStrip has connected to the secure server via HTTPS, all traffic between the user and SSLStrip is HTTP. This means the "disastrous warnings" displayed by browsers are avoided, because to the browser the session appears normal. Login details can then be harvested. An HTTPS padlock logo can be spoofed in the URL bar, to further lull the user into a false sense of security.

While SSL is generally accepted as being secure, security researchers have claimed SSL communications can be intercepted. In August last year, researcher Mike Perry said he had been in discussions with Google regarding an exploit he planned to release, which would allow a hacker to intercept a user's communications with supposedly secure websites over an unsecured Wi-Fi network.

The SSLStrip tool works as follows:

1. Does an MITM on the HTTP connection

2. Replaces all the HTTPS links with HTTP ones but remembers the links which were changed

3. Communicates with the victim client on an HTTP connection for any secure link

4. Communicates with the legitimate server over HTTPS for the same secure link

5. Communication is transparently proxied between the victim client and the legitimate server

6. Images such as the favicon are replaced by images of the familiar "secure lock" icon, to build trust

7. While the MITM is taking place, all passwords, credentials, etc. are stolen without the client knowing.
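The link rewriting in item 2 is visible from the client side, which gives a defender something to check. As an added example (not part of the original paper or of SSLStrip), this Python check compares a known-good copy of a page with the copy received on the network under test and reports targets downgraded from https:// to http://; the hostnames and HTML are constructed sample data.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "src", "action"}  # attributes that carry navigable URLs

class UrlCollector(HTMLParser):
    """Collect absolute http/https URLs as (tag, scheme, host, path, query)."""
    def __init__(self):
        super().__init__()
        self.urls = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                p = urlsplit(value.strip())
                if p.scheme in ("http", "https") and p.hostname:
                    self.urls.add((tag, p.scheme, p.hostname.lower(),
                                   p.path or "/", p.query))

def collect_urls(html):
    parser = UrlCollector()
    parser.feed(html)
    parser.close()
    return parser.urls

def find_downgraded(baseline_html, observed_html):
    """URLs that are https in the baseline but appear only as http when observed."""
    seen = collect_urls(observed_html)
    findings = []
    for tag, scheme, host, path, query in sorted(collect_urls(baseline_html)):
        if scheme != "https" or (tag, "https", host, path, query) in seen:
            continue  # not a secure link, or still secure in the observed copy
        if (tag, "http", host, path, query) in seen:
            suffix = f"?{query}" if query else ""
            findings.append((tag, f"http://{host}{path}{suffix}"))
    return findings

# Constructed sample data: BASELINE was fetched over a trusted path,
# OBSERVED is the same page as received on the network under test.
BASELINE = """<a href="https://mail.example.test/login">Sign in</a>
<form action="https://accounts.example.test/auth?service=mail" method="post"></form>
<img src="http://static.example.test/logo.png">"""
OBSERVED = BASELINE.replace("https://", "http://")

if __name__ == "__main__":
    for tag, url in find_downgraded(BASELINE, OBSERVED):
        print(f"downgraded <{tag}> target: {url}")
```

A downgraded form action is the most serious finding, since that is where credentials are submitted.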

Performing the Hijack

Prerequisite: Install Python, as SSLStrip is a Python-based tool. You need two machines running Windows on the same LAN: one for the attacker, another for the victim. Let’s denote the Hacker’s machine as Machine H and the Victim’s machine as Machine V.

The scenario:

Step 1: Enable IP forwarding on Hacker’s Machine: Get the hacker machine to act as a router, as it needs to forward all the traffic coming to it to the outside internet.

  • Start Registry Editor (Regedit.exe).
  • In Registry Editor, locate the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
  • Set the following registry value:
    Value Name: IPEnableRouter
    Value type: REG_DWORD
    Value Data: 1
    A value of 1 enables TCP/IP forwarding for all network connections that are installed and used by this computer.
  • Quit Registry Editor.

Step 2: Set a firewall rule that forwards HTTP traffic from the victim to the hacker’s machine for modification. This was the most challenging and time-consuming part of the experiment, as I was unable to find a single command, tool or utility to do that. On Unix, an iptables command would do that:

    sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

It redirects all HTTP traffic from the victim arriving on port 80 of the hacker’s machine to port 10000 on the same machine. Port 10000 is used by the SSLStrip tool by default. Tired of not finding any equivalent firewall utility for Windows to perform the above rule, I got a few developers over here and told them the situation. After a series of discussions, here is the Java command they came up with:

    java -classpath commons-logging.jar;portforward.jar org.enterprisepower.net.portforward.Forwarder 80 localhost:10000

It was forwarding all HTTP traffic received on port 80 of the Hacker’s machine to port 10000 of the same machine.

Step 3: ARP spoof the target traffic to redirect it to the hacker’s machine. Suppose the Victim machine’s IP is 192.168.1.10 and the IP of the gateway is 192.168.1.1. Run the following command on the hacker’s machine:

    arpspoof -t 192.168.1.10 192.168.1.1

It will poison the ARP table of the victim machine (192.168.1.10), and instead of sending the traffic to the gateway (192.168.1.1) the victim will send it to the hacker’s machine, falsely assuming it is the real gateway.

Step 4: Run SSLStrip on the hacker’s machine. Run the following command on the Hacker’s machine:

    python sslstrip.py -f lock.ico

SSLStrip will log all the traffic coming from the Victim’s machine and strip all the SSL links (https://) to http:// between the Victim and the Hacker. Thus the traffic between the Victim and the Hacker is transparent and in clear text.
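The ARP poisoning in Step 3 leaves a trace on Machine V: the gateway's IP resolves to a MAC address that also belongs to another host. As an added example (not part of the original paper), this Python check parses Windows `arp -a` output and flags that condition; the sample output, MAC addresses, the host 192.168.1.20 and the pinned gateway MAC are constructed assumptions.

```python
import re

# One row of Windows `arp -a` output: IP, dash-separated MAC, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\s+(\w+)\s*$"
)

def parse_arp(output):
    """Return {ip: mac} for the dynamic entries in `arp -a` output."""
    table = {}
    for line in output.splitlines():
        m = ROW.match(line)
        if m and m.group(3).lower() == "dynamic":
            table[m.group(1)] = m.group(2).lower()
    return table

def check_gateway(output, gateway_ip, pinned_mac=None):
    """Flag a gateway entry that changed MAC or shares its MAC with another host."""
    table = parse_arp(output)
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        return ["gateway-missing"]
    findings = []
    if pinned_mac and gw_mac != pinned_mac.lower():
        findings.append(f"gateway-mac-changed:{gw_mac}")
    for ip in sorted(table):
        if ip != gateway_ip and table[ip] == gw_mac:
            findings.append(f"gateway-mac-shared-with:{ip}")
    return findings

# Constructed sample: ARP table on Machine V (192.168.1.10) while poisoned.
SAMPLE = """Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          00-11-22-33-44-55     dynamic
  192.168.1.30          66-77-88-99-aa-bb     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
PINNED_GATEWAY_MAC = "00-AA-BB-CC-DD-EE"  # constructed: recorded when the LAN was known good

if __name__ == "__main__":
    for finding in check_gateway(SAMPLE, "192.168.1.1", PINNED_GATEWAY_MAC):
        print(finding)
```

The shared-MAC finding only appears when the victim also holds an ARP entry for the other host's real IP, so the pinned-MAC comparison is the more reliable of the two signals.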

Real-life example: The following page normally appears on https://, but here it is served as http://

Viewing the page source also reveals that the links are stripped of SSL:

Here is Gmail on http://

An example SSLStrip log file, with passwords logged:

References:

  • SSLStrip tool: http://www.thoughtcrime.org/software/sslstrip/
  • ARP Spoofing: http://en.wikipedia.org/wiki/ARP_spoofing
  • How SSL works: http://www.definityhealth.com/marketing/how_ssl_works.html
