Man in the middle attack for SSL connection
During this type of attack two parties are communicating with one another and hacker inserts itself into the conversation and attempts to alter or eavesdrop on the conversation. The attacker has to be able to sniff traffic between the two parties. We will look at performing man in the middle attack using utility called SSLStrip. We are using kali linux distribution as it already comes with all necessary tools installed.
1. Enable IP forwarding so all traffic go through our host or user will loose connectivity
2. In order to tell the victim host that now we (our MAC address) are the one belonging to the IP of the gateway enter the following command:
In a seperate shell we start the matching command to fool gateway to belive we are victim.
3. Setup firewall rule on the system to redirect traffic from port 80 to port 8080
4. Run sslstrip
5. Access any ssl website on the target and then Ctrl+c to stop test. View sslstrip.log file and see information gathered.
Example of Man in the middle attack with driftnet and urlsnarf
We will try to view images that are being displayed on victim systems via web browser. In order to do this we will be running Man in the middle attack.
1. If you need to discover IP addresses you can scan subnet with nmap. If you already know your target then go to step 2.
2. On your system from which you want to run Man in the Middle Attack run 3 terminal windows and in each of them run following commands
sudo arpspoof -i eth0 -t 192.168.0.13 192.168.0.1 sudo arpspoof -i eth0 -t 192.168.0.1 192.168.0.13 sudo driftnet -i eth0
3. To catch URL’s you run the following command