This is a tutorial article, so you should already know about SSL (Secure Sockets Layer) and have some familiarity with Backtrack 5, because we are using Backtrack 5 for this tutorial. If you are using an older version such as Backtrack 4, or some other Linux distribution, make sure you install all the dependencies used in this tutorial.
Secure Sockets Layer, or SSL, is used to establish a secure, encrypted connection between the user and the server. We want to break this secure connection so that sniffing succeeds.
To crack SSL protection we launch a man-in-the-middle attack. Doing this requires some tools, and the requirement list is:
· Linux (Backtrack)
· Arpspoof
· iptables
· SSL Strip
· Netstat
Now start the game. First of all, enable IP forwarding on your Linux box with this command:
echo '1' > /proc/sys/net/ipv4/ip_forward
After this your Linux box will be able to forward all packets. Next you need to know your gateway IP; to find it, use the command:
netstat -nr
Now use arpspoof to perform the attack:
arpspoof -i eth0 192.168.8.8
Here eth0 represents the network interface card; if you are using a wireless link it may be wlan0. 192.168.8.8 is the default gateway. In your case it may be different; normally people are using 192.168.1.1 or 10.0.0.1.
It's time to use SSL Strip. Download and install SSL Strip from the official website shared before. After installation, make your firewall redirect all the traffic from port 80 to port 8080 with this command:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
After this, make all the traffic go through the arpspoof tables:
echo '1' > /proc/sys/net/ipv4/ip_forward
arpspoof -i eth0 192.168.8.8
If arpspoof starts capturing traffic, everything is fine, and it is time to run SSL Strip with the command below:
sslstrip -l 8080
After that, the browser address bar no longer uses https, only http, and sniffing is easy.