【网络安全】SSLSplit中间人攻击实例

最新推荐文章于 2024-07-28 01:17:00 发布
最新推荐文章于 2024-07-28 01:17:00 发布
阅读量8.6k 收藏 2
点赞数
分类专栏: Network Security
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/jiayanhui2877/article/details/30720759
版权
本文详细介绍了如何使用SSLSplit工具执行中间人攻击,覆盖了从原理到安装运行的全过程。通过SSLsplit,可以拦截并记录各种SSL流量,如HTTPS、IMAP over SSL、SMTP over SSL等。教程中包括了流量重定向、安装运行SSLsplit、创建并安装根CA证书以及实际操作示例。
摘要由CSDN通过智能技术生成

https://cryto.org/sslsplit-unter-kali-linux-einrichten/

I recently demonstrated how to perform a man-in-the-middle attack on HTTP(S) connections using mitmproxy. While mitmproxy works just great for HTTP-based communication, it does not understand other TLS/SSL-based traffic such as FTPS, SMTP over SSL, IMAP over SSL or any other protocol wrapped in TLS/SSL.

SSLsplit is a generic transparent TLS/SSL proxy for performing man-in-the-middle attacks on all kinds of secure communication protocols. Using SSLsplit, one can intercept and save SSL-based traffic and thereby listen in on any secure connection.

Contents
  1. 1. How it works
  2. 2. Install & run SSLsplit
    1. 2.1. Redirect traffic
    2. 2.2. Installation
    3. 2.3. Create and install root CA certificate
    4. 2.4. Enable IP forwarding and NAT engine (iptables)
    5. 2.5. Run SSLsplit
  3. 3. Examples
    1. 3.1. Sniffing HTTPS (google.de & facebook.com)
    2. 3.2. Sniffing IMAP over SSL (imap.gmail.com)
    3. 3.3. Sniffing SMTP over SSL (smtp.gmail.com)

1. How it works

SSLsplit works quite similar to other transparent SSL proxy tools: It acts as a middle man between the client and the actual server. Provided that traffic is being redirected to the server on which SSLsplit is running (by changing the default gateway, ARP spoofing or other means,see below), SSLsplit picks up SSL connections and pretends to be the server the client is connecting to. To do so, it dynamically generates a certificate and signs it with a the private key of a CA certificate that the client must trust.

If, for example, a client wants to send an e-mail using the secure Gmail SMTP server (smtp.gmail.com on port 465), SSLsplit creates a certificate for “smtp.gmail.com” and thereby pretends to be the Gmail mail server towards the client. In the upstream direction (towards the actual Gmail mail server), SSLsplit connects to the server just like a normal client — forwarding all the traffic the actual client writes on the SSL socket.

If you are interested in a little more details, please check out the “How it works” section of the post aboutHTTPS interception with mitmproxy. The basic concept is the same, so it should be relatively easy to understand.

Advertisement

2. Install & run SSLsplit

After explaining the basic concept of how SSLsplit works, this section will describe how to actually use it to intercept SSL (and non-SSL) traffic.

2.1. Redirect traffic

This tutorial assumes that you have already placed your attacker system somewhere in between the victim machine and the server. This can be done in many different ways — here are some examples:

  • Use ARP spoofing to redirect the traffic of the victim by publishing false mappings from the standard gateway MAC address to the attacker’s IP address. You do not need physical access to the victim’s device to do that. Check out thearpspoof tool.
  • Change the default gateway address in the victim’s network settings. This is the easiest method if you have access to the victim’s device.
  • Forging DNS entries with a DNS server that returns the attacker’s IP address for certain (or all) domains. See my tutorial aboutDNS spoofing with Dnsmasq to learn how to do that.
  • Redirect traffic for individual domains by modifying entries in the /etc/hosts file of the victim’s machine.

As mentioned above, the easiest way is to just change the default gateway address in your victim’s device to the attacker’s IP address. That makes sure that all the traffic goes through your machine. And since we later need to install a CA certificate, we need physical access to the victim’s machine anyway.

2.2. Installation

As of now, there is no Debian package in the repositories for SSLsplit. The code is hosted on different mirrors, managed by the authorDaniel Roethlisberger, as well ason Github.

To download and compile SSLsplit, run the following commands:

These commands download and extract the source code (wget, bunzip2,tar), install necessary dependencies (apt-get), and then compile it usingmake.

The temporary directory created at /tmp/sslsplit is later used to dump the connection log file and the raw data of the incoming and outgoing SSL sockets.

2.3. Create and install root CA certificate

For SSLsplit to act as a middle man for SSL connections, it needs to be able to generate and sign certificates that the victim trusts. In order to do so, the victim must have the attacker’sroot CA certificate in its trust store. Depending on the type of client (desktop browser, mobile phone), installing root certificates differs a bit (see here forFirefox,Windows,Android, …)

If you don’t already have a self-signed CA private key and certificate, you can generate one using the following commands:

The first command generates an 4096-bit RSA private key in PEM format (ca.key), and the second command uses this private key to generate a self-signed root CA certificate (ca.crt). Both are needed by SSLsplit later, but only the certificate file needs to be installed in the browser or operating system of the victim.

2.4. Enable IP forwarding and NAT engine (iptables)

In this example, SSLsplit will be running on two ports: 8080 for non-SSL TCP connections such as HTTP, SMTP or FTP, and 8443 for SSL connections such as SMTP over SSL, HTTPS, etc. In order to forward packets arriving at the attacker’s machine to these internal ports, the NAT engine in iptables can be used.

最低0.47元/天 解锁文章
Walter_Jia
关注
专栏目录
wireshark网络安全分析工具之万文多图详解(持续更新)
herosunly的博客
03-16 8万+
1. 基本介绍 2. 下载与安装 3. 详细教程 3.1 软件界面介绍 3.1.1 菜单栏 3.1.2 工具栏 3.1.3 数据包列表区 3.1.4 数据包详细区 3.1.5 数据包字节区 3.2 Wireshark过滤器 3.2.1 捕获过滤器 3.2.2 显示过滤器 3.3 过滤规则 3.3.1 语法讲解 3.3.2 过滤实例 4. 实战案例......
网络安全】SQL注入原理及常见攻击方法简析
等风来
04-18 6788
因此,攻击者可以在用户名或密码中添加 --,来注释掉后面的字符串,从而绕过过滤器的检测。攻击者不停地尝试不同的SQL语句,观察程序的响应时间,从而判断SQL语句是否正确,进而获取数据库中的敏感信息。该方法的基本原理是,在输入框中输入一个带有单引号的字符串,如果应用程序对输入参数没有进行正确的过滤和转义,则会发生语法错误,进而证明存在 SQL 注入漏洞。基于布尔盲注的SQL注入攻击是一种利用目标Web应用程序对SQL查询条件正确/错误响应的不同表现来推测查询语句的正确性,从而获取数据库中敏感信息的攻击方式。
基于ssl中间人攻击例子
09-23
实现一个ssl的客户端和服务端,作为中间人攻击,截取ssl通讯中的密文数据,并进行解密,使用时用把所有的报文都转向给程序所在的机器。
Https中间人攻击实例演示
张平的专栏
07-17 2322
实现抓包后对请求url断点调试,篡改报文 拦截APP请求,修改请求参数重新触发请求 应用场景: 拦截请求报文,篡改请求报文,篡改响应报文等。 先看效果: 篡改前页面: 篡改后页面: 配置步骤: 1、选中要拦截监控的url,选择如下图,开启抓包监控: 2、再次刷新APP页面,触发请求,此时会发现请求进入断点拦截——此时可以选择Edit Request来篡改请求报文 3、接着点击Excute执...
精通 Kali Linux Web 渗透测试(二)
最新发布
龙哥盟
07-28 464
尽管一些攻击受到了很多关注和荣耀,但推动社会对网络的依赖的信任关系至关重要。对这些信任机制的攻击非常令人担忧,因为它们经常让用户和应用程序开发人员对妥协毫不知情。本书涵盖的许多其他威胁以及 OWASP 十大威胁中所代表的威胁是网站应用程序所有者可以控制或有权利纠正的。然而,基于加密或 PKI 的攻击涉及到其他领域的方面,比如证书颁发机构的完整性,网络对 ARP 注入的容忍度,以及应用程序自身域之外的局域网的完整性。
网络安全SSLSplit实现中间人攻击
weixin_35771144的博客
03-08 410
  中间人攻击,即在中间监听获取网络数据以便获取的有价值的信息实现攻击破坏的目的,即client-mid man-server,此处介绍的sslsplit可以作为mid man监听ssl信息及HTTP信息。http不做介绍仅仅实现代理功能,ssl实现代理的同时要与服务器建立连接,同时伪造证书与客户端建立连接,即双连接,依据获取的client信息再与服务器通信,从而实现明文数据监听。&#1...
中间人攻击
weixin_40191861的博客
08-24 208
(英語:,缩写:)在密码学和领域中是指攻击者与通讯的两端分别建立独立的联系,并交换其所收到的数据,使通讯的两端认为他们正在通过一个私密的连接与对方直接对话,但事实上整个会话都被攻击者完全控制。在中间人攻击中,攻击者可以拦截通讯双方的通话并插入新的内容。在许多情况下这是很简单的(例如,在一个未加密的的接受范围内的中间人攻击者,可以将自己作为一个中间人插入这个网络)。一个中间人攻击能成功的前提条件是攻击者能将自己伪装成每一个参与会话的终端,并且不被其他终端识破。中间人攻击是一个(缺乏)相互认证的攻击。
中间人攻击的实践与原理(ARP毒化、DNS欺骗)
hello_mumu的博客
02-25 2091
一、共享网络与交换网络的区别 1、共享网络 在共享网络中,由于HUB属于一层设备,对于到达本身的数据报文,HUB会对报文进行广播(除了收到报文的那个接口),因此接在同HUB的所有PC都能收到该报文。前提PC开启了混杂模式 注: 通常情况下,网卡都是工作在非混杂模式,也就是说即使收到数据报文,网卡会判断目的MAC是否和自己的一样,不一样的话代表数据包不是给自己的,因此...
Qt实现360安全卫士9.2(再度来袭) 内附实例源码
10-14
继360安全卫士9.1之后,应广大爱好者要求,持续升级! 此版本包括:主界面、换肤界面、新版特性界面、关于我们界面、登录界面(36.、人人、新浪可切换)、注册界面、系统托盘、多语化实现、边框阴影效果等! 资源...
xss攻击实例
frinck的博客
10-16 5070
Cross Site Script 攻击者利用应用程序的动态展示数据功能,在 html 页面里嵌入恶意代码。当用户浏览该页之时,这些嵌入在 html 中的恶意代码会被执行,用户浏览器被攻击者控制,从而达到攻击者的特殊目的。 1.分类 ????反射型跨站脚本攻击 攻击者会通过社会工程学手段,发送一个 URL 连接给用户打开,在用户打开页面的同时,浏览器会执行页面中嵌入的恶意脚本。 ✨存储型跨站脚本攻...
SSL破解工具SSLsplit.zip
07-16
SSLsplit 是一个针对SSL/TLS加密的网络连接进行攻击,为网络取证和渗透测试的工具。它会终止SSL / TLS和启动一个新的连接到原来的目的地,记录所有传输的数据。它支持普通的TCP和SSL,HTTP和HTTPS,和IPv4和IPv6。为SSL和HTTPS,它生成并签署伪造X509v3证书上飞使用的原始凭证的主题DN和subjectAltName扩展。它支持服务器名称显示,RSA,DSA和ECDSA密钥,DHE 和ECDHE密码套件。如果私钥是可用的,它也可以使用现有的证书。 SSLsplit is a tool that performs man-in-the-middle attacks against SSL/TLS encrypted network connections for network forensics and penetration testing. It terminates SSL/TLS and initiates a new connection to the original destination, logging all data transmitted. It supports plain TCP and SSL, HTTP and HTTPS, and IPv4 and IPv6. For SSL and HTTPS, it generates and signs forged X509v3 certificates on-the-fly using the original certificate's subject DN and subjectAltName extension. It supports Server Name Indication, RSA, DSA, and ECDSA keys, and DHE and ECDHE cipher suites. It can also use existing certificates if the private key is available.
kali Linux 中间人攻击
weixin_39293607的博客
02-25 822
# 商业转载请联系作者获得授权,非商业转载请注明出处。 # For commercial use, please contact the author for authorization. For non-commercial use, please indicate the source. # 协议(License):署名-非商业性使用-相同方式共享 4.0 国际 (CC BY-NC-SA 4.0) # 作者(Author):Tony stark # 链接(URL):https://future.tony
MITM(中间人攻击
MyFreeIT
06-09 905
TODO 稍等中间人攻击(英语:Man-in-the-middle attack,缩写:MITM)在密码学和计算机安全领域中是指攻击者与通讯的两端分别创建独立的联系,并交换其所收到的数据,使通讯的两端认为他们正在通过一个私密的连接与对方直接对话,但事实上整个会话都被攻击者完全控制。在中间人攻击中,攻击者可以拦截通讯双方的通话并插入新的内容。在许多情况下这是很简单的(例如,在一个未加密的Wi-Fi 无线接入点的接受范围内的中间人攻击者,可以将自己作为一个中间人插入这个网络)。一个中间人攻击能成功的前提条件是攻
Windows网络安全——利用kali作为中间人进行攻击
摆正心态
12-10 2847
中间人攻击(Kali) 一、内容:Kali中间人攻击 二、目标 使用kali系统模拟攻击者,利用中间人的攻击手段来获取用户登录的用户名与密码 主要明确原理与漏洞点(接下来讲的,所有的设备都有这个漏洞) 简单描述一下中间人攻击手段,就是两端通信,但是得经过中间人,然后这两个人还不知道数据已经经过了中间人,而他们的数据交互中间人一清二楚,也可以篡改,今天不做篡改,做窃听。 三、环境介绍及拓扑图 1.虚拟机软件:VMWare 2.虚拟机三台:WindowsXP——模拟客户机 ​ Windows se
HSTS详解,以及HSTS VS 301 redirect
zzhongcy的专栏
10-30 910
看到这篇文章,感觉不错,这里转载记录一下:https://juejin.cn/post/6844903865788137479本文主要是通过梳理一下相关概念,理清这两种配置的目的。
基于SSLStrip的HTTPS会话劫持
Boffi
11-29 1986
http://blog.sina.com.cn/s/blog_6b6e6bad01010fqb.html 0 引言 HTTPS作为一种安全的HTTP数据传输协议,被广泛应用于万维网上敏感信息的通信,例如交易支付等方面。然而,HTTPS也存在自身的缺陷,不能绝对保证服务端自身的安全。在网络攻防中,威胁服务器安全的行为时有发生,最常见的例子就是使用模仿银行域名的钓鱼攻击(Phishing)。随
中间人攻击(MITM)姿势总结
热门推荐
weixin_41282397的博客
01-02 1万+
相关学习资料   http://www.cnblogs.com/LittleHann/p/3733469.html http://www.cnblogs.com/LittleHann/p/3738141.html http://www.cnblogs.com/LittleHann/p/3741907.html http://www.cnblogs.com/LittleHann/p/37082...
掌握网络防御:常见攻击手段及防范策略
- 典型应用包括网络钓鱼和中间人攻击 - 需要高级技巧执行,检测和防御复杂 4. **泛洪攻击**: - 通过大量数据或请求淹没系统资源,导致服务中断 - 如DDoS(分布式拒绝服务)攻击 - 难以检测(1或4),执行难度...
评论 4
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值