Description:
Moxie MarlinSpike released SSLStrip at Blackhat this year to demonstrate how easy it is to actually break SSL security, by simply replacing all "https://" URLs in a webpage with "http://" ones and then doing an MITM relaying between the Server and the Client. The basic idea is that the victim Client and attacker communicate over HTTP, and the attacker and Server, communicate over HTTPS using the Server's certificate. Thus, the attacker is able to see all the traffic in clear from the Client.
Moxie's detailed talk is available for viewing here.
In this video
Myownremote (myownremote [] googlemail [] com) shows a nice demo of the SSLStrip tool and how to use it with Ettercap effectively to sniff the SSL traffic of a victim. This is a recommended watch! We have also have
another demo of the SSLStrip tool on SecurityTube here.
Thanks go out to Myownremote for submitting this video to SecurityTube. You can
visit this blog for more interesting articles on security and hacking.
Tags: tools ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
Comments: