Everybody knows that https is http over SSL, and https is a secure way for protecting confidential data like bank account/password ,etc. Now I'd to show you how to crack https connections by MITM(Man in the middle)

As you know that ARP is not a good mechanism...For example, the ip of workstation "Sales100" is 192.168.10.100. When the packet destination is 192.168.10.100, the Gateway will ask:"Who is 192.168.10.100"? Then Sales100 will rise his/her hand and say "it's me". What if I rise my hand first and pretend that I'm "192.168.10.100"? Those packets should send to workstation "Sales100" will send to my workstation first, and I could sniffer sales order, price, revenue ..it sounds scaring,right? That's MITM attack.

I use Ettercap and SSlStrip in the same time to make sure that I could get the password. Let's use Gmail for a simple test.

1.Run Ettercap and SSLStrip. The victim is 192.168.0.196.

2. Victim broswer will show warnings about certificate..Some users won't become aware of dangerous and will still proceed.

3. Victim starts to sign in Gmail

4.Keep an eye on the screen and you could see the Victim's username and password show up successfully.

Don't get me wrong. I'm not trying to encourage you to do MITM. I just show you how it works. There is only a fine line between Offense and Defense. Precise knowledge of self and precise knowledge of the threat leads to victory.

MITM to crack Https connections的更多相关文章

  1. Top 7 Myths about HTTPS

    Myth #7 – HTTPS Never Caches People often claim that HTTPS content is never cached by the browser; p ...

  2. Volley框架支持HTTPS请求。

    第一次写帖子,嘿嘿. 最近了解到google2013IO大会出了个网络框架,正好项目也需要用到,就看了下. 最后发现接口都是HTTPS的,但是Volley默认是不支持HTTPS,网上找了好久,都没有对 ...

  3. 【第六篇】Volley之https相关

    Volley之https信任所有证书实现: public class HttpsTrustManager implements X509TrustManager { private static Tr ...

  4. 透明 Transparent connections through HTTP proxies.

    透明语境: 5.7层模型中数据链路层:透明传输: 谈谈如何使用Netty开发实现高性能的RPC服务器 - Newland - 博客园 http://www.cnblogs.com/jietang/p/ ...

  5. HTTPS.SYS怎样使用HTTPS

    HTTPS.SYS怎样使用HTTPS 参考了MORMOT的官方文档:http://blog.synopse.info/post/2013/09/04/HTTPS-communication-in-mO ...

  6. BlackArch-Tools

    BlackArch-Tools 简介 安装在ArchLinux之上添加存储库从blackarch存储库安装工具替代安装方法BlackArch Linux Complete Tools List 简介 ...

  7. 图解HTTP 读书笔记

    1 了解Web及网络基础 1.1   HTTP/1.0 HTTP正式作为标准被公布实在1996年五月,版本命名为HTTP/1.0,记载于RFC1945.至今仍广泛使用在服务器端. RFC1945 – ...

  8. [Security] Web Security Essentials

    In this course, we'll learn how to exploit and then mitigate several common Web Security Vulnerabili ...

  9. WEB APPLICATION PENETRATION TESTING NOTES

    此文转载 XXE VALID USE CASE This is a nonmalicious example of how external entities are used: <?xml v ...

随机推荐

  1. Linux Deepin 2014安装Lenovo LJ2600D驱动

    双11老师给实验室抢了个Lenovo LJ2600D的USB接口打印机,并用旧的HP-1080MFP网络打印服务器连接上了.Windows下就不多说了,官方给的驱动就是针对它的,同学们都用得爽爆了,因 ...

  2. Mac下安装JDK 6

    https://support.apple.com/kb/DL1572?viewlocale=zh_CN&locale=en_US 下载 , 安装

  3. js跳转页面方法整理

    1.window.location.href方式 window.location.href="http://www.zgw8.com"; 2.window.navigate方式跳转 ...

  4. Python深入02 上下文管理器

    作者:Vamei 出处:http://www.cnblogs.com/vamei 欢迎转载,也请保留这段声明.谢谢! 上下文管理器(context manager)是Python2.5开始支持的一种语 ...

  5. grep和sed替换文件中的字符串

    sed -i s/"str1"/"str2"/g `grep "str1" -rl --include="*.[ch]" ...

  6. NPOI高效匯出Excel

    using System.Collections.Generic; using System.Data; using System.IO; using System.Linq; using NPOI. ...

  7. SQL锁表解决并发性

    在数据库开发过程中,不得不考虑并发性的问题,因为很有可能当别人正在更新表中记录时,你又从该表中读数据,那你读出来的数据有可能就不是你希望得到的数据.可以说有些数据同时只能有一个事物去更新,否则最终显示 ...

  8. 京东校招笔试(C++方向)编程题

    这次笔试是今年校招我参加的第一次笔试..出了很多状况,基础知识不扎实,导致选择题耽误了太多时间,导致后面的题目没做完,编程题也没有在 时间内写出来,基本没有面试机会了.不过我继续研究第二个编程题,在1 ...

  9. (medium)LeetCode 238.Product of Array Except Self

    Given an array of n integers where n > 1, nums, return an array output such that output[i] is equ ...

  10. Longest Increasing Subsequence(DP)

    public static int LIS(List<Integer> al) { int[] arr = new int[al.size()]; int lis = 0; arr[0] ...