Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.

Published byBerenice Hailey Modified over 9 years ago

Similar presentations

Presentation on theme: "Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions."— Presentation transcript:

1 Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions

2 How HTTPS Works

3 HTTP v. HTTPS HTTP doesn't encrypt data at all HTTP doesn't encrypt data at all You can sniff traffic with Wireshark, ettercap, etc. You can sniff traffic with Wireshark, ettercap, etc. Completely insecure Completely insecure HTTPS uses public-key encryption to secure data HTTPS uses public-key encryption to secure data Much safer, but it can still be cracked to some extent by a man-in-the-middle attack Much safer, but it can still be cracked to some extent by a man-in-the-middle attack

4 Components of HTTPS When you use a secure session (HTTPS), these protocols work together: When you use a secure session (HTTPS), these protocols work together: Address Resolution Protocol (ARP) Address Resolution Protocol (ARP) Domain Name System (DNS) Domain Name System (DNS) Secure Sockets Layers (SSL) Secure Sockets Layers (SSL)

5 ARP Request and Reply Client wants to find Gateway Client wants to find Gateway ARP Request: Who has 192.168.2.1? ARP Request: Who has 192.168.2.1? ARP Reply: ARP Reply: MAC: 00-30-bd-02-ed-7b has 192.168.2.1 ClientGateway Gmail.com ARP Request ARP Reply

6 Demonstration Sniffing ARP with Wireshark Start Wireshark capturing packets Start Wireshark capturing packets Clear the ARP cache Clear the ARP cache arp –d * arp –d * Ping the default gateway Ping the default gateway

7 DNS Query and Response Client wants to find Gmail.com Client wants to find Gmail.com DNS Query: Where is Gmail.com? DNS Query: Where is Gmail.com? DNS Response: DNS Response: Gmail.com is at 64.233.171.83 ClientGateway Gmail.com DNS Query DNS Response

8 Demonstration Sniffing DNS with Wireshark Start Wireshark capturing packets Start Wireshark capturing packets Clear the DNS cache Clear the DNS cache ipconfig /flushdns ipconfig /flushdns Ping Gmail.com Ping Gmail.com

9 SSL Handshake SSL handshake has three stages: SSL handshake has three stages: Hellos Certificate, Key Exchange, and Authentication "Change cipher spec" – handshake finished The Gateway just forwards all this traffic to the Web server ClientGateway Gmail.com Hellos Cert, Key Exch & Auth Chg Ciph Spec

10 Demonstration Sniffing SSL Handshake with Wireshark Start Wireshark capturing packets Start Wireshark capturing packets Open a browser and go to yahoo.com Open a browser and go to yahoo.com Click the My Mail button Click the My Mail button

11 Open a Socket to Port 443 This is the usual SYN, SYN/ACK, SYN TCP handshake This is the usual SYN, SYN/ACK, SYN TCP handshake Port 443 is used for HTTPS Port 443 is used for HTTPS

12 Hellos Client Hello Client Hello Server sends Hello Server sends Hello This exchange is used to agree on a protocol version and encryption method This exchange is used to agree on a protocol version and encryption method

13 Certificate, Key Exchange, and Authentication Server sends Certificate Server sends Certificate Client sends Public Key Client sends Public Key Client Authenticates Certificate with Certificate Authority (not visible) Client Authenticates Certificate with Certificate Authority (not visible)

14 Change Cipher Spec Server sends "Change Cipher Spec" Server sends "Change Cipher Spec" Client sends "Change Cipher Spec" Client sends "Change Cipher Spec" SSL Handshake is done, now client can send encrypted Application Data SSL Handshake is done, now client can send encrypted Application Data

15 Summary of HTTPS Process SSL handshake has three stages: SSL handshake has three stages: Hellos Certificate, Key Exchange, and Authentication "Change cipher spec" – handshake finished ClientGateway Gmail.com ARP DNS SSL/TLS

16 Man-in-the-Middle Attack

17 Summary of Attack Hacker intercepts traffic Must defeat ARP, DNS, and SSL ClientGateway Gmail.com ARP Forwarded DNS SSH Hacker

18 ARP Cache Poisoning The Linux utility 'arpspoof' sends a constant series of ARP REPLIES The Linux utility 'arpspoof' sends a constant series of ARP REPLIES This diverts Ethernet traffic to the hacker This diverts Ethernet traffic to the hacker Part of the 'dsniff' package Part of the 'dsniff' package

19 DNS Spoofing The Linux utility 'dnspoof' listens for DNS queries The Linux utility 'dnspoof' listens for DNS queries Sends DNS responses sending Web server data to the hacker Sends DNS responses sending Web server data to the hacker Part of the 'dsniff' package Part of the 'dsniff' package

20 IP Routing 'fragrouter' can forward packets to their correct destination 'fragrouter' can forward packets to their correct destination That allows normal Web surfing (HTTP) That allows normal Web surfing (HTTP) Part of the 'dsniff' package Part of the 'dsniff' package This could also be done with 'iptables' This could also be done with 'iptables'

21 SSL Spoofing 'webmitm' creates a Certificate and intercepts SSL handshakes 'webmitm' creates a Certificate and intercepts SSL handshakes Part of the 'dsniff' package Part of the 'dsniff' package

22 Limitations of the Attack The SSL spoofing is not perfect The SSL spoofing is not perfect You can't actually log in and read email You can't actually log in and read email Internet Explorer sends your password to the hacker before giving up on the connection Internet Explorer sends your password to the hacker before giving up on the connection Firefox doesn't send your password to the hacker Firefox doesn't send your password to the hacker

23 Sources Hacking videos from link l_15b Hacking videos from link l_15b How to decrypt SSL encrypted traffic using a man in the middle attack (Auditor).swf How to decrypt SSL encrypted traffic using a man in the middle attack (Auditor).swf MITM Hijacking.wmv MITM Hijacking.wmv SSL Handshake information from l_15a (cs.bham.ac.uk) SSL Handshake information from l_15a (cs.bham.ac.uk)

Download ppt "Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions."

Similar presentations

Ethical Hacking Module VII Sniffers.

Ethical Hacking Module VII Sniffers.
Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon.

Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon.
Security Lab 2 MAN IN THE MIDDLE ATTACK

Security Lab 2 MAN IN THE MIDDLE ATTACK
SSL Man-in-the-Middle Attack over Wireless Vivek Ramachandran

SSL Man-in-the-Middle Attack over Wireless Vivek Ramachandran
Cryptography and Network Security

Cryptography and Network Security
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.

Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.
Network Security (part 3). In our simple topologies from yesterday (generally built with hubs), there is nothing preventing a host from sniffing traffic.

Network Security (part 3). In our simple topologies from yesterday (generally built with hubs), there is nothing preventing a host from sniffing traffic.
Web Security CS-431. HTTP Authentication Protect web content from those who don’t have a “need to know” Require users to authenticate using a userid/password.

Web Security CS-431. HTTP Authentication Protect web content from those who don’t have a “need to know” Require users to authenticate using a userid/password.
Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.

Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.
Network Attacks Mark Shtern.

Network Attacks Mark Shtern.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
SSL Spoofing Man-In-The-Middle attack on SSL Duane Peifer.

SSL Spoofing Man-In-The-Middle attack on SSL Duane Peifer.
Man in the Middle Paul Box Beatrice Wilds Will Lefevers.

Man in the Middle Paul Box Beatrice Wilds Will Lefevers.
Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.

Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.
Adrian Crenshaw.  I run Irongeek.com  I have an interest in InfoSec education  I don’t know everything - I’m.

Adrian Crenshaw.  I run Irongeek.com  I have an interest in InfoSec education  I don’t know everything - I’m.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

Similar presentations

Ads by Google