
Hijacking Web 2.0 Sites with SSLstrip--Hands-on Training




SSLstrip: Hijacking SSH Sessions

What You Need for This Project

A computer running Linux to be the Attacker (I wrote the instructions on an Ubuntu 8.04 virtual machine).
A second computer running any OS to be the Target. I used my Windows 7 host machine as the target.

Goal

The Attacker will serve as a proxy, converting secure HTTPS sessions to insecure HTTP ones. This will not be obvious to the user.

Starting the Target Machine

1. Start your Target machine.
2. Open a browser on your Target machine and make sure you can connect to the Internet.

Opening Facebook on the Target Machine

3. On your Target machine, in Firefox, go to facebook.com. Notice that this page is not secure: the URL starts with http instead of https, as shown below on this page.
4. On your Target machine, in Firefox, click View, "Page Source". In the "Source of http://www.facebook.com" window, click Edit, Find. In the Find: box at the bottom of the window, type login and click the Next button.
5. You can see the form statement for the login form. This shows that although the page is not secure, the actual login method uses a URL starting with https. Many Websites use this system: a single page has both secure and insecure items. That is the vulnerability we will exploit.