Description: Welcome to Part 13 of the WLAN Security Megaprimer! Please start this series by watching Part 1 http://www.securitytube.net/video/1756, if you have not done so already.
In this video, we will learn how to conduct an SSL Man-in-the-Middle attack over wireless. You are urged to watch the following videos I created on this topic as well; these talk about the basics of the attack in more detail:
We will use the setup we created in the previous video and run a couple of new tools, namely Dnsspoof and Burpsuite Proxy. The basic idea is to hijack the application running on the victim by first using Dnsspoof to inject spoofed DNS responses for the DNS requests made by the victim. Once the victim's DNS cache is poisoned, all further requests will be sent to the attacker's IP address. In the SSL MITM case, we will run Burpsuite to attach a proxy to ports 80 and 443. When the application on the victim sends any request, it goes through the attacker's proxy. At this point, the attacker can passively monitor or modify any data sent to/from the victim almost transparently. The only indication the victim gets is an alert in the browser window warning him of certificate problems. Now if the victim accepts the risk (which 95% of users do) and clicks through the warning, the rest is history :)