SSLStrip: Difference between revisions

From charlesreid1

(Created page with "SSLStrip is a way of conducting a man in the middle attack such that the user inserts themselves between the sheep and the server for SSL sessions. While the Sheep may notice...")
 
No edit summary
Line 2: Line 2:


While the Sheep may notice something fishy, the SSLStrip attack ensures that the user merely needs to accept the attacker's certificate once. From that point forward, all secure connections the sheep may make are compromised.
While the Sheep may notice something fishy, the SSLStrip attack ensures that the user merely needs to accept the attacker's certificate once. From that point forward, all secure connections the sheep may make are compromised.
{{MITMFlag}}
[[Category:Kali]]

Revision as of 11:20, 27 August 2015

SSLStrip is a way of conducting a man in the middle attack such that the user inserts themselves between the sheep and the server for SSL sessions.

While the Sheep may notice something fishy, the SSLStrip attack ensures that the user merely needs to accept the attacker's certificate once. From that point forward, all secure connections the sheep may make are compromised.



Defcon.png
monkey in the middle attacks
in which an attacker tricks two parties into thinking they're communicating with each other, but both are communicating with the attacker.

MITM

Wireless Attacks: MITM/Wireless

Wired Attacks: MITM/Wired


Layer 1 and 2 MITM Attacks:

MITM/Layer 1 and 2

Network Tap: MITM/Wired/Network Tap

Evil Twin Attack: Evil Twin  · MITM/Evil Twin


Layer 3 and 4 MITM Attacks:

MITM/Layer 3 and 4

Traffic Sniffing: MITM/Sniffing

ARP Poisoning: MITM/ARP Poisoning

Traffic Injection/Modification: MITM/Traffic Injection

DNS Attacks: MITM/DNS  · Bettercap/Failed DNS Spoofing Attack  · Bettercap/Failed DNS Spoofing Attack 2

DHCP Attacks: MITM/DHCP

WPAD MITM Attack: MITM/WPAD

Port Stealing: MITM/Port Stealing

Rushing Attack: MITM/Rushing Attack

Attacking HTTPS: MITM/HTTPS


Layer 5 MITM Attacks:

Session Hijacking: MITM/Session Hijacking


Toolz:

Ettercap  · Bettercap  · MITMf  · EvilFOCA

Wireshark  · Aircrack

Dsniff  · Arpspoof  · Dnsspoof

SSLSniff  · SSLStrip  · Frankencert

Driftnet  · Karma


MITM Labs: {{MITMLabs}}


Category:MITM  · Category:Attacks  · Category:Kali Attack Layers

Template:MITMLabs  · Template:MITMFlag

Flags  · Template:MITMFlag  · e




Retrieved from "https://charlesreid1.com/w/index.php?title=SSLStrip&oldid=8410"