Description: Marlinspike made a great presentation in Blackhat this year on how to subvert SSL (HTTPS) protection used bu major sites around the Internet for security. The interesting thing is that he does not really break the SSL protocol itself, but instead demonstrates that as HTTP is the entry point into any SSL communication, subverting HTTP allows a hacker to take control of the HTTPS communication as well.
Marlinspike also released the SSLStrip tool to automate this attack. Download SSLstrip from Moxie's website or from here. Using the SSLStrip tool Marlinspike was able to retreive over 130 usernames and passwords over a Tor network. These credentials were from sites such as Gmail, Yahoo, Linkedin, Paypal etc.
The way the SSLStrip tool works by:
Tags: basics ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
NICEEEEEEEEEEE....
I need someone who is capable of hacking* websites & accessing their email database
I don't need scraping,web crawling or extractors
I need this sites HACKED so I gain access to their email DB
I will need to test the result u give me,if it checks out,I am willing to pay up to 3000$
per website and 10-20 websites monthly,which will increase upon delivery of faster & quality
service
Pls note,CONTINUITY is what I am after...I NEED A GOOD PARTNER I CAN WORK WITH FOR A VERY
LONG TIME!. I HAVE AT LEAST 500 WEBSITES ON MY LIST AND IM WILLING TO PAY 3000$ PER WEBSITE
PLEASE SEND ME A MAIL IF U CAN DO THIS ASAP ; omorye007 (at) yahoo (dot) com
Cheers
Very interesting approach. The use of Apps in Windows 8 and mobile platforms will probably render this less efficient but this is still deadly.