Everybody knows that https is http over SSL, and https is a secure way for protecting confidential data like bank account/password ,etc. Now I'd to show you how to crack https connections by MITM(Man in the middle)

As you know that ARP is not a good mechanism...For example, the ip of workstation "Sales100" is 192.168.10.100. When the packet destination is 192.168.10.100, the Gateway will ask:"Who is 192.168.10.100"? Then Sales100 will rise his/her hand and say "it's me". What if I rise my hand first and pretend that I'm "192.168.10.100"? Those packets should send to workstation "Sales100" will send to my workstation first, and I could sniffer sales order, price, revenue ..it sounds scaring,right? That's MITM attack.

I use Ettercap and SSlStrip in the same time to make sure that I could get the password. Let's use Gmail for a simple test.

1.Run Ettercap and SSLStrip. The victim is 192.168.0.196.

2. Victim broswer will show warnings about certificate..Some users won't become aware of dangerous and will still proceed.

3. Victim starts to sign in Gmail

4.Keep an eye on the screen and you could see the Victim's username and password show up successfully.

Don't get me wrong. I'm not trying to encourage you to do MITM. I just show you how it works. There is only a fine line between Offense and Defense. Precise knowledge of self and precise knowledge of the threat leads to victory.

MITM to crack Https connections的更多相关文章

  1. Top 7 Myths about HTTPS

    Myth #7 – HTTPS Never Caches People often claim that HTTPS content is never cached by the browser; p ...

  2. Volley框架支持HTTPS请求。

    第一次写帖子,嘿嘿. 最近了解到google2013IO大会出了个网络框架,正好项目也需要用到,就看了下. 最后发现接口都是HTTPS的,但是Volley默认是不支持HTTPS,网上找了好久,都没有对 ...

  3. 【第六篇】Volley之https相关

    Volley之https信任所有证书实现: public class HttpsTrustManager implements X509TrustManager { private static Tr ...

  4. 透明 Transparent connections through HTTP proxies.

    透明语境: 5.7层模型中数据链路层:透明传输: 谈谈如何使用Netty开发实现高性能的RPC服务器 - Newland - 博客园 http://www.cnblogs.com/jietang/p/ ...

  5. HTTPS.SYS怎样使用HTTPS

    HTTPS.SYS怎样使用HTTPS 参考了MORMOT的官方文档:http://blog.synopse.info/post/2013/09/04/HTTPS-communication-in-mO ...

  6. BlackArch-Tools

    BlackArch-Tools 简介 安装在ArchLinux之上添加存储库从blackarch存储库安装工具替代安装方法BlackArch Linux Complete Tools List 简介 ...

  7. 图解HTTP 读书笔记

    1 了解Web及网络基础 1.1   HTTP/1.0 HTTP正式作为标准被公布实在1996年五月,版本命名为HTTP/1.0,记载于RFC1945.至今仍广泛使用在服务器端. RFC1945 – ...

  8. [Security] Web Security Essentials

    In this course, we'll learn how to exploit and then mitigate several common Web Security Vulnerabili ...

  9. WEB APPLICATION PENETRATION TESTING NOTES

    此文转载 XXE VALID USE CASE This is a nonmalicious example of how external entities are used: <?xml v ...

随机推荐

  1. 关于htmlspecialchars实体字符转码的问题

    php对post过来的数据进行实体字符转码,我的页面编码是gb2312,刚开始是这样: $post = htmlspecialchars ( $post); 取到的$post值为空,但是有时候是好的( ...

  2. Installing Redis on Ubuntu

    wget http://download.redis.io/redis-stable.tar.gz tar xvzf redis-stable.tar.gz cd redis-stable sudo ...

  3. mysql索引之四(索引使用注意规则:索引失效--存在索引但不使用索引)

    但是如果是同样的sql如果在之前能够使用到索引,那么现在使用不到索引,以下几种主要情况: 1. 随着表的增长,where条件出来的数据太多,大于15%,使得索引失效(会导致CBO计算走索引花费大于走全 ...

  4. JAVA CAS原理深度分析

    参考文档: http://www.blogjava.net/xylz/archive/2010/07/04/325206.html http://blog.hesey.net/2011/09/reso ...

  5. ruby中将数组转换成hash

    class Arraydef to_h(default=nil)Hash[ *inject([]) { |a, value| a.push value, default || yield(value) ...

  6. 如何构建日均千万PV Web站点

    http://www.cnblogs.com/xiaocen/p/3723839.html http://www.cnblogs.com/xiaocen/p/3726763.html http://w ...

  7. crm plugin 未能加载文件或程序集“xxxx,”或它的某一个依赖项。系统找不到指定的文件。

    plugin运行出错. 1  plugin文件如果是 注册到disk,应该是注册到 C:\Program Files\Microsoft Dynamics CRM\Server\bin\assembl ...

  8. 线程间操作无效: 从不是创建控件“”的线程访问它~~~的解决方法~ 线程间操作无效: 从不是创建控件“Control Name'”的线程访问它问题的解决方案及原理分析

    看两个例子,一个是在一个进程里设置另外一个进程中控件的属性.另外一个是在一个进程里获取另外一个进程中控件的属性. 第一个例子 最近,在做一个使用线程控制下载文件的小程序(使用进度条控件显示下载进度)时 ...

  9. MS SQL SERVER 数据库日志压缩方法与代码

    MS SQL性能是很不错的,但是数据库用了一段时间之后,数据库却变得很大,实际的数据量不大.一般都是数据库日志引起的!数据库日志的增长可以达到好几百M. DUMP TRANSACTION [数据库名] ...

  10. [转]dispatcher、redirect和chain三种result type的使用区别

    http://blog.163.com/zhangfei_jiayou/blog/static/562441782009826045248/ dispatcher:用于页面转发,页面跳转过程一直是同一 ...