Shulou(Shulou.com)06/01 Report--

ARP attacks how to achieve SSL downgrade, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain for you in detail, people with this need can come to learn, I hope you can gain something.

Background introduction

Tool introduction

Fping: surviving host detection

Nmap: Port scan

Arpspoof:ARP attack

Urlsnarf:URL monitoring

Ettercap: traffic sniffing

Sslstrip:SSL downgrade

Introduction of principle

1. Monitor HTTPS traffic through man-in-the-middle attacks

two。 Change the location in the redirect link, replace HTTPS with HTTP, and record

3. Change the hyperlink in the response content, replace HTTPS with HTTP, and record

4. HTTP communication with the user and HTTPS communication with the server to obtain user information in clear text

Implementation process 1. Information collection

Use fping to detect existing hosts

Note: 192.168.80.2 is the gateway and 192.168.80.104 is the native IP

View Gateway

Nmap scan port (not needed for this test, but usually required for penetration testing)

2. ARP private network forwarding

Enable IP forwarding

Echo 1 > / proc/sys/net/ipv4/ip_forward

ARP forged Gateway

View the target's URL access and pictures through driftnet and urlsnarf

Iptables Port Forwardin

Ettercap traffic monitoring

Ettercap-I eth0-T-M arp:remote / 192.168.80.101 / 192.168.80.2 /

Sslstrip-l 8080 downgrade

Through URL, you can see that HTTPS will be HTTP

Discover the login account and password by looking at sslstrip.log.

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.