Sniffing Ssl Traffic Using Sslstrip
|
|
|
||||||||||||
Description:
Moxie MarlinSpike released SSLStrip at Blackhat this year to demonstrate how easy it is to actually break SSL security, by simply replacing all "https://" URLs in a webpage with "http://" ones and then doing an MITM relaying between the Server and the Client. The basic idea is that the victim Client and attacker communicate over HTTP, and the attacker and Server, communicate over HTTPS using the Server's certificate. Thus, the attacker is able to see all the traffic in clear from the Client. Moxie's detailed talk is available for viewing here.
In this video Myownremote (myownremote [] googlemail [] com) shows a nice demo of the SSLStrip tool and how to use it with Ettercap effectively to sniff the SSL traffic of a victim. This is a recommended watch! We have also have another demo of the SSLStrip tool on SecurityTube here.
Thanks go out to Myownremote for submitting this video to SecurityTube. You can visit this blog for more interesting articles on security and hacking.
In this video Myownremote (myownremote [] googlemail [] com) shows a nice demo of the SSLStrip tool and how to use it with Ettercap effectively to sniff the SSL traffic of a victim. This is a recommended watch! We have also have another demo of the SSLStrip tool on SecurityTube here.
Thanks go out to Myownremote for submitting this video to SecurityTube. You can visit this blog for more interesting articles on security and hacking.