Saturday, June 8, 2013


In my previous post I've discussed how user's session is hijacked and how SSL/TLS is incorporated for secure communication. But still the hackers can sniff the user credentials by breaking the SSL/TLS. This technique is referred to SSLstrip which was released by Moxie Marlinspike to demonstrate the vulnerabilities he spoke about at Black Hat Technical Security Conference: USA 2009.

In this scope I'll be using BackTrack, a Penetration Testing Distribution integrated with the below tools to scan the Network, set up Firewall rules, MIMA, monitor client-server HTTP connection and sniff packets.

  1. NMAP

SSLstrip strips out HTTPS links from unencrypted webpages, replaces them with HTTP links and sends the altered pages to the client. The client never sees an HTTPS link to click on, only the unencrypred HTTP version.

  • Techniques:   

1. First Scan your network and find the target using NMAP, a Network Scanner. In this case i got as the Target.

  2. Next I need to start the IP Forwarding which enables my machine to forward any network traffic it receives from the target to the router.

3. Next Set up port redirection using IPtables.

4. Next Man-In-The-Middle-Attack (MIMA) is begun by exploiting ARP Cache Poisoning to intercept network traffic between the target and the router.  

5. Start the SSLstrip tool and make it listen to default port 10000.

6. Start Ettercap to sniff the packets to fetch user credentials.

Once this setup is up and running perfectly, let the victim login the Facebook. In particular, the victim's HTTP traffic will be redirected to our port 10000, where SSLstrip is listening. After this we will be able to eavesdrop and steal all of the victim's passwords sent supposedly over SSL/TLS.

  • Protection:
1. Force-TLS add-on allows web sites to tell Firefox that they should be served via HTTPS in the future; this helps secure you from accidentally negotiating an insecure session with certain sites. 

2. HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL)

Happy Hacking...Enjoy...

For educational purpose only...Do not misuse it...


  1. Havee you ever considered abouut adding a litttle bit more than just your articles?
    I mean, what youu say is valuable and everything.
    Howevedr think of if you added some grat visuals oor videos to give
    your possts more, "pop"! Your content is excellent
    but with images and videos, this website coulpd certainly
    be one of the very best in its niche. Excellent blog!

    Alsso visit my web page - forgotten outlook password

  2. It had been later on signed up with simply by friends John along with Mike Houser in addition to online game developer
    Zachary Clarke. Such menus genherally offr a way to turn
    subtitles on and off. Yoou can actually select different heroes with different influence.

    my web site;télécharger gta 5 gratuit pour pc

  3. ӏ was curious iff yyou еver thought ߋf changing tɦe structure оf youir website?
    Itѕ ѵery աell written; I love ѡhat youve gοt tօ sаy.
    But maуbe yоu could a lіttle moгe iin thee
    wɑy օf content so people сould connect wіth it Ьetter.

    Youve got аan awful lot օf text for only Һaving one orr twο images.
    Ӎaybe ʏou could space it out bettеr?

    Αlso visit mƴ blog: twitter

  4. Yes! Finally somethiոg aƄout google.

    Αlso visit my web site :: Free hacking tools 2014

  5. Hеllo therе! Tɦis article cߋuld not bee written anyy Ƅetter!Loօking at this
    post reminds mе of my previous roommate! He constantly keрt preaching ɑbout this.
    I аm goinց to send thіs post tο hіm.

    Pretty ѕure ɦе'll Һave a very ɡood read. Ι apprecіate yοu ffor sharing!

    Herе іs my webpage :: xbox 360

  6. ceгtainly liҟe youг web-site ƅut үou need to test the spelling on quuite а few of уour
    posts. Maոy of them arе rife with spelling problems and Ι to fіnd іt verry bothersome tօ inform tɦе reality Һowever I will ceгtainly ϲome baсk agɑіn.

    Herе is myy webpage; facebook

  7. Hi everybodу, hеrе еveгy person iѕ sharing thhese
    kinds ߋf experience, ѕo it's fastidious tօo read tɦis
    webpage, ɑnd I used to visit this webpage everyday.

    Аlso visit my site; outils de piratage Gratuit 2014

  8. Can a person in India do a network scan of a person residing in a far off country or should the scan be done in the same network?

  9. I'm wondering if all of these are possible only if you are on the same network. I have to start doubting my neighbours for helping my remote stalker. He stays in India but is able to have access to my network in United States.

  10. You can scan other network also using nmap scanner.

  11. can u give a process to hack any facebook 100% successfully .... without using any social engineering methods like "phishing","keylogging"etc. I mean to say that through that process one is able to hack the victim without making any direct or indirect conversation with him.

  12. Hi.. use the other social engg tricks: !


If you like this post, comment please...