
MITM to crack https connections

(@gorvq7222)
Reputable Member
Joined: 11 years ago
Posts: 236
Topic starter  

Everybody knows that https is http over SSL, and https is a secure way of protecting confidential data like bank accounts/passwords, etc. Now I'd like to show you how to crack https connections by MITM (Man in the middle).

As you know, ARP is not a good mechanism… For example, the IP of workstation "Sales100" is 192.168.10.100. When the packet destination is 192.168.10.100, the Gateway will ask "Who is 192.168.10.100?" Then Sales100 will raise his/her hand and say "it's me". What if I raise my hand first and pretend that I'm "192.168.10.100"? Those packets that should be sent to workstation "Sales100" will be sent to my workstation first, and I could sniff sales orders, prices, revenue… it sounds scary, right? That's a MITM attack.

I use Ettercap and SSLStrip at the same time to make sure that I could get the password. Let's use Gmail for a simple test. You guys could take a look at my blog below:
http://www.cnblogs.com/pieces0310/p/4823728.html

Don't get me wrong. I'm not trying to encourage you to do MITM. I'm just showing you how it works. There is only a fine line between Offense and Defense. Precise knowledge of self and precise knowledge of the threat leads to victory.


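The "who is 192.168.10.100?" exchange gorvq7222 describes is an ARP request followed by an ARP reply, and the attack works because a host accepts whichever reply arrives. The following added example (mine, not code from the thread, from Ettercap or from the linked blog) builds and parses raw RFC 826 ARP packets and then runs an arpwatch-style monitor over a constructed sequence of frames: a legitimate reply from Sales100 followed by a second reply claiming the same IP from a different MAC. All MAC addresses and the frame sequence are constructed for the demonstration; the IPs are the ones used in the post.

```python
import struct

ARP_REQUEST = 1
ARP_REPLY = 2
# htype, ptype, hlen, plen, op, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"   # 28 bytes for Ethernet/IPv4


def mac_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def ip_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Serialize an Ethernet/IPv4 ARP packet (without the Ethernet header)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       mac_bytes(sender_mac), ip_bytes(sender_ip),
                       mac_bytes(target_mac), ip_bytes(target_ip))


def parse_arp(pkt):
    """Parse the 28-byte ARP body; rejects anything that is not Ethernet/IPv4."""
    if len(pkt) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    if htype != 1 or ptype != 0x0800 or hlen != 6 or plen != 4:
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op, "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}


class ArpWatcher:
    """Learn IP->MAC bindings from ARP replies and flag changes or unsolicited replies."""

    def __init__(self):
        self.bindings = {}       # ip -> MAC seen in the first reply for that ip
        self.requested = set()   # ips for which a who-has request was observed
        self.alerts = []

    def observe(self, pkt):
        arp = parse_arp(pkt)
        if arp["op"] == ARP_REQUEST:
            self.requested.add(arp["target_ip"])
            return None
        if arp["op"] != ARP_REPLY:
            return None
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        alert = None
        if ip not in self.requested:
            alert = f"unsolicited reply: {ip} is-at {mac}"
        known = self.bindings.setdefault(ip, mac)
        if known != mac:
            alert = f"binding change: {ip} was {known}, now claimed by {mac}"
        if alert:
            self.alerts.append(alert)
        return alert


def demo():
    """Replay a constructed frame sequence and return the alerts it produces."""
    gw_mac = "00:11:22:33:44:01"      # constructed gateway MAC
    sales_mac = "00:11:22:33:44:64"   # constructed Sales100 MAC
    evil_mac = "de:ad:be:ef:00:01"    # constructed second host claiming the same IP
    frames = [
        build_arp(ARP_REQUEST, gw_mac, "192.168.10.1", "00:00:00:00:00:00", "192.168.10.100"),
        build_arp(ARP_REPLY, sales_mac, "192.168.10.100", gw_mac, "192.168.10.1"),
        build_arp(ARP_REPLY, evil_mac, "192.168.10.100", gw_mac, "192.168.10.1"),
        build_arp(ARP_REPLY, evil_mac, "192.168.10.1", sales_mac, "192.168.10.100"),
    ]
    watcher = ArpWatcher()
    for frame in frames:
        watcher.observe(frame)
    return watcher.alerts


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The binding-change alert is the reliable signal; the unsolicited-reply check is noisier in practice because hosts legitimately send gratuitous ARP after boot or failover, so on a real network it is worth rate-limiting or correlating it with the binding table rather than alerting on it alone. Feeding the watcher from a real capture only needs the 28-byte ARP body after the 14-byte Ethernet header.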
UnallocatedClusters
(@unallocatedclusters)
Honorable Member
Joined: 13 years ago
Posts: 576
 

gorvq7222,

Thank you - I believe I understand this idea of MITM a bit more (based on your explanation).

However, and please be patient with me as I do not perform internet/network security work myself, I understand that the IP address 192.168.10.100 is an "internal" IP address that only my "network-internal" computers can see, versus an "external" network IP address that the rest of the world can see.

I believe I understand the principle you are showing, which is that an attacker's computer will be able to trick the originating sending computer into believing the attacker's computer has the same network IP address as the ultimate data recipient victim's network IP address; two computers on the same internal network with the 192.168.10.100 IP address.

So, would someone performing a MITM attack have to "get inside my internal network" first to be able to perform a MITM attack, at least for the 192.168.10.100 address example, or could the attacker perform a MITM attack from outside of my internal network?

I always guessed that attackers tried to fool ISP servers to perform MITM attacks, meaning my computer would connect with the attacker's server instead of my ISP's server, but this just shows my ignorance, I am sure. :D

I am writing an article/guide on methods for attorneys to increase their data protection specifically for their physical devices (workstations and smartphones) so I am also curious to learn what other vulnerabilities exist and low hanging fruit methods to address them.

If you ever visit Chicago, please look me up and I will buy you dinner as thanks.

Regards,

Larry


jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

@UnallocatedClusters
Depending on the "relevance" of the target, nothing (in theory) prevents a hypothetical attacker from making some form of DNS spoofing
https://en.wikipedia.org/wiki/DNS_spoofing
which takes the MITM outside the internal network.

Even worse (of course this is not something a script kid can do), there have been recorded events of BGP hacking
http://arstechnica.com/security/2015/07/hacking-team-orchestrated-brazen-bgp-hack-to-hijack-ips-it-didnt-own/

jaclaz


(@gorvq7222)
Reputable Member
Joined: 11 years ago
Posts: 236
Topic starter  

My intention is to show how to do MITM in a LAN environment, not outside the network… More and more Law Enforcement would like to take more "aggressive" actions against terrorists. The scenario is that Agent 007 finds out the building where terrorists live. 007 also figures out the SSID of the wireless router those terrorists use. He successfully cracks that wireless router and gets the password.

Now he could access the wireless router and he is in the same LAN with those terrorists, and all he needs to do is "ARP Spoof". So he could perform the MITM that I show you guys in my blog. All he wants is to monitor their activities and figure out their plans…

By the way, Larry, Thanks for inviting me for dinner. If I go to visit Chicago, I will let you know.


MDCR
(@mdcr)
Reputable Member
Joined: 15 years ago
Posts: 376
 

This kind of stuff exists as COTS products and can be bought from several vendors, just add water and a terabyte storage device.

The bad thing is that they break certs and CRLs, and smart users can see that they are being monitored.

You win some, you lose some.


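MDCR's point that interception "breaks certs" and that attentive users notice ties back to the SSLStrip half of gorvq7222's setup: rather than presenting a bad certificate, SSLStrip keeps the victim on plain http so there is no certificate to warn about. The browser-side control that closes that gap is HTTP Strict Transport Security (RFC 6797). The added example below (mine, not code from the thread or from any tool named in it) implements a small HSTS store: it parses the Strict-Transport-Security header, honours it only when received over TLS, remembers the policy with its expiry, and rewrites http URLs for known hosts (and their subdomains when includeSubDomains is set) to https before any request leaves. The hostnames and the fixed clock are constructed for the demonstration.

```python
import time
from urllib.parse import urlsplit, urlunsplit


def parse_hsts(header):
    """Parse an STS header value; returns None when max-age is absent or malformed."""
    max_age = None
    include_subdomains = False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                max_age = int(value.strip().strip('"'))
            except ValueError:
                return None
        elif name == "includesubdomains":
            include_subdomains = True
    if max_age is None or max_age < 0:
        return None
    return {"max_age": max_age, "include_subdomains": include_subdomains}


class HstsStore:
    """Minimal HSTS host store with the browser's upgrade-before-request rule."""

    def __init__(self, now=time.time):
        self.now = now
        self.entries = {}   # host -> (expiry timestamp, includeSubDomains)

    def record(self, host, header, over_tls):
        """Apply an STS header; RFC 6797 says it is ignored on non-TLS responses."""
        if not over_tls:
            return False
        policy = parse_hsts(header)
        if policy is None:
            return False
        host = host.lower()
        if policy["max_age"] == 0:            # max-age=0 means "forget this host"
            self.entries.pop(host, None)
            return True
        self.entries[host] = (self.now() + policy["max_age"], policy["include_subdomains"])
        return True

    def is_known(self, host):
        """True if host, or a parent domain with includeSubDomains, has a live policy."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.entries.get(".".join(labels[i:]))
            if entry is None:
                continue
            expires, include_sub = entry
            if expires <= self.now():
                continue
            if i == 0 or include_sub:
                return True
        return False

    def rewrite(self, url):
        """Upgrade a plain-http URL to https when the host is a known HSTS host."""
        parts = urlsplit(url)
        if parts.scheme == "http" and self.is_known(parts.hostname or ""):
            netloc = parts.netloc[:-3] if parts.netloc.endswith(":80") else parts.netloc
            return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
        return url


def demo():
    """Constructed walk-through: learn a policy over TLS, then upgrade later http links."""
    store = HstsStore(now=lambda: 1000.0)   # fixed clock for reproducibility
    store.record("mail.example.com", "max-age=31536000; includeSubDomains", over_tls=True)
    # A downgrade-style attempt to clear the policy over plain http is ignored.
    store.record("mail.example.com", "max-age=0", over_tls=False)
    return [store.rewrite(u) for u in (
        "http://mail.example.com/inbox",
        "http://imap.mail.example.com:80/",
        "http://other.example.com/",
    )]


if __name__ == "__main__":
    for url in demo():
        print(url)
```

The two checks that matter against a stripping proxy are visible in `record` and `rewrite`: a policy is only learned from a TLS response, so an on-path attacker cannot plant or clear one over plain http, and the upgrade happens before the request is sent, so the first visit after the policy was learned never touches port 80. The remaining exposure is the very first visit to a host the browser has never seen over TLS, which is what the browser preload lists address.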