Linux and Open Source Blog

  • Home
  • WordPress Plugins
  • About
  • Contact

Tag Archives: ssl sniffing

How to sniff or hack someone’s username and password even if it is over an SSL encrypted connection

Posted on November 28, 2007 by Linewbie.com Posted in applications/software, guides, how to, security .

Introduction

Do you think you’re safe if you type https :// before paypal.com? I hope you’ll think twice before you login from a computer connected to a wireless network after reading this guide. Let’s start at the beginning. Let’s say you have an evil neighbour who wants your paypal credentials. He buys himself a nice laptop with a wireless card and, if you are using a wep encryption, he cracks your wep code (click here to see how). After cracking the key he logs into your network. Maybe you always allowed him to use your network because you thought it can’t do any harm to your computer. You aren’t sharing any folders so what’s the problem? Well, in the next few steps I’m going to describe the problem.

The guide

1. Let’s assume your neighbour uses linux to crack your wep key. After cracking it, he installs ettercap (http://ettercap.sourceforge.net/) on his linux system. If you want to do this at home, I would recommend you to download BackTrack because it already has everything installed. Look at the WEP cracking guide I mentioned above for more info about BackTrack. If you want to install it on your own linux distribution, download the source and install it with the following commands:

$ tar -xzvf ettercap-version.tar.gz
$ make
$ make install

2. After installing, you need to uncomment some code to enable SSL dissection. Open up a terminal window and type “nano /usr/local/etc/etter.conf”, without the quotes. Scroll down using your arrow keys until you find this piece of code:

# if you use iptables:
# redir_command_on = “iptables -t nat -A PREROUTING -i %iface -p tcp –dport %port -j REDIRECT –to-port %rport”
# redir_command_off = “iptables -t nat -D PREROUTING -i %iface -p tcp –dport %port -j REDIRECT –to-port %rport”

You need to uncomment the last two lines.

# if you use iptables:
redir_command_on = “iptables -t nat -A PREROUTING -i %iface -p tcp –dport %port -j REDIRECT –to-port %rport”
redir_command_off = “iptables -t nat -D PREROUTING -i %iface -p tcp –dport %port -j REDIRECT –to-port %rport”

3. Press CTRL+O, press enter to safe the file and then press CTRL+X.

4. Boot Ettercap and click on Sniff > Unified Sniffing > type in your wireless interface and press ok.

5. Press CTRL+S to scan for hosts

6. Go to MITM > ARP poisoning, select sniff remote connections and press ok.

7. Now you (and your neighbour!) can start sniffing! Press start > start sniffing. Walk to another computer on your network and open up paypal or any other site where you need to type in an username/password (gmail, hotmail, digg.com, etc.). All credentials will appear on the computer running Ettercap!

8. When you’re done, don’t just close Ettercap, but go to Start > Stop Sniffing, and then go to MITM > Stop mitm attack(s).

But how does all this stuff work?

Look at the following scheme:

Normally when you type in a password, host 1 (your computer) directly connects to host 2 (your modem or router). But if someone launced Ettercap on your network, host 1 isn’t sending it’s passwords to host 2, but to the Attacking host, the host that’s running Ettercap! The attacking host sends everything to Host 2. This means that host 1 isn’t noticing anything! Exactly the same happens with everything that host 2 is sending. Host 2 doesn’t send packets directly to host 1, but forst to the attacking host.

28 Comments .
Tags: ettercap, hack, hacking password, password, sniffing, sniffing username, ssl cracking, ssl hacking, ssl security, ssl sniffing, username .

Recent Posts

  • Does an un-confirmed Bitcoin transaction expire?
  • Looting of the Fox: The Story of Sabotage at ShapeShift
  • Decentralization, Scalability, and Fault Tolerance of Bitcoin
  • Stripe will soon accept Bitcoin payments
  • Zynga announces Bitcoin acceptance in game
  • How to import very large sql dump via phpmyadmin
  • How to compare the content of two folders automatically
  • Top 5 reasons to start experimenting with Linux
  • The day our mind became open sourced
  • Mark Shuttleworth wants to turn canonical (ubuntu) into the next Apple Inc.

Categories

  • applications/software (26)
    • browsers (2)
    • development (1)
    • information management (1)
    • Mobility (1)
    • multimedia (5)
    • office suites (2)
    • security (6)
    • servers (6)
    • system (2)
  • audio/video/pics (3)
  • Bitcoin (3)
  • books & literature (1)
  • cms/portals (1)
  • desktop environments (7)
    • gnome (2)
    • kde (5)
  • events/shows (3)
    • interviews (1)
    • people (1)
    • surveys (1)
  • games & gaming (2)
  • general topics (4)
  • guides (112)
    • how to (105)
    • tips (87)
    • tutorials (86)
  • hardware (8)
    • desktop & laptop pc (5)
    • gadgets & mobiles (2)
  • howtoforge (47)
  • internet/web (4)
    • design & development (2)
  • linux and open source blog (49)
  • linux.com (76)
  • linux/unix/os distros (113)
    • debian/ubuntu based (10)
    • mac/osx (2)
    • other distros (3)
  • news (217)
  • open source (8)
    • business & foss (2)
  • other (26)
    • uncategorized (26)
  • Programming (3)
    • PHP (2)
  • quotes & thoughts (10)
  • random stuff (4)
    • cool stuff (3)
    • funny stuff (1)
  • review/preview/tests (7)
  • wordpress/blogging (3)

Archives

  • July 2016
  • April 2016
  • January 2015
  • April 2014
  • January 2014
  • November 2013
  • February 2013
  • November 2012
  • April 2012
  • March 2012
  • January 2012
  • December 2011
  • August 2011
  • March 2008
  • February 2008
  • January 2008
  • December 2007
  • November 2007
  • October 2007
  • September 2007
  • August 2007
  • July 2007
  • June 2007
  • May 2007
  • April 2006

Recent Posts

  • Does an un-confirmed Bitcoin transaction expire?
  • Looting of the Fox: The Story of Sabotage at ShapeShift
  • Decentralization, Scalability, and Fault Tolerance of Bitcoin
  • Stripe will soon accept Bitcoin payments
  • Zynga announces Bitcoin acceptance in game
  • How to import very large sql dump via phpmyadmin
  • How to compare the content of two folders automatically
  • Top 5 reasons to start experimenting with Linux
  • The day our mind became open sourced
  • Mark Shuttleworth wants to turn canonical (ubuntu) into the next Apple Inc.

Categories

  • applications/software (26)
    • browsers (2)
    • development (1)
    • information management (1)
    • Mobility (1)
    • multimedia (5)
    • office suites (2)
    • security (6)
    • servers (6)
    • system (2)
  • audio/video/pics (3)
  • Bitcoin (3)
  • books & literature (1)
  • cms/portals (1)
  • desktop environments (7)
    • gnome (2)
    • kde (5)
  • events/shows (3)
    • interviews (1)
    • people (1)
    • surveys (1)
  • games & gaming (2)
  • general topics (4)
  • guides (112)
    • how to (105)
    • tips (87)
    • tutorials (86)
  • hardware (8)
    • desktop & laptop pc (5)
    • gadgets & mobiles (2)
  • howtoforge (47)
  • internet/web (4)
    • design & development (2)
  • linux and open source blog (49)
  • linux.com (76)
  • linux/unix/os distros (113)
    • debian/ubuntu based (10)
    • mac/osx (2)
    • other distros (3)
  • news (217)
  • open source (8)
    • business & foss (2)
  • other (26)
    • uncategorized (26)
  • Programming (3)
    • PHP (2)
  • quotes & thoughts (10)
  • random stuff (4)
    • cool stuff (3)
    • funny stuff (1)
  • review/preview/tests (7)
  • wordpress/blogging (3)

Archives

  • July 2016
  • April 2016
  • January 2015
  • April 2014
  • January 2014
  • November 2013
  • February 2013
  • November 2012
  • April 2012
  • March 2012
  • January 2012
  • December 2011
  • August 2011
  • March 2008
  • February 2008
  • January 2008
  • December 2007
  • November 2007
  • October 2007
  • September 2007
  • August 2007
  • July 2007
  • June 2007
  • May 2007
  • April 2006
Privacy Policy

Est. 2002

linewbie.com serving the linux and open source community since April 09, 2002

CyberChimps WordPress Themes

© Linux and Open Source Blog