Hello Friends this is one of the most common attack that most hacker do to amaze people and i am gonna make it simple for you all so that you can enjoy it and try to learn this is attack so are you all ready so lets start ...
Man In The Middle Attack
Concept :-

We Know that HTTP (Hypertext Transfer Protocol :port 8080:)simply sends all the information through plain text .So if we make the victim use HTTP instead of HTTPS to connect sites like Gmail , Pay pal. we will be able to carry out a successful MITM attack with out causing any suspicion To do this we are going to use a tool called SSL strip.

Tools Needed:

  • SSL strip: You can search Google for SSL strip it comes both in windows and Linux versions . I will be using the windows version in this tutorial

  • Ettercap to carry out mitm attacks.

    Steps to Perform MITM Attack

    1. Open SSL strip and fill in all the required information for arpsoof, network ,ssl strip, change data .If you don’t know what to enter simply click auto check . remember to check if HTTPS to HTTP is included in Change data , finally click ok

    2.Now select the victim’s IP and click open

    3. Now open ettercap go to sniff -unsniffed sniffing and select your network interface and click ok

    4. Now select hosts-scan hosts .Once scanning is completed .Open host list from hosts tab .Now select the IP address of the router as target 1 and the victims IP as target 2

    5. Now select mitm-arp poisoning and click ok as shown

    6. Finally select start-start sniffing .Now when the victim logs into gmail he will be using HTTP and not HTTPS Hence we are able to get the User id ,passwords as shown below

    Counter measures:

    1. whenever you perform an online transaction such as Credit card payment, Bank login or Email login always ensure that you Use HTTPS

    2. Always check the SSL certificate before doing an online transaction

    Stay Safe.Enjoy !!
    For Educational Purpose Only
  • Post a Comment

    1. Yes Of course those are Always in picture :)


    Feel Free To Ask Your Query we Love To Answer