Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.

Slides:

Advertisements

Similar presentations

Ethical Hacking Module VII Sniffers.

Advertisements

Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon.

Security Lab 2 MAN IN THE MIDDLE ATTACK

SSL Man-in-the-Middle Attack over Wireless Vivek Ramachandran

Cryptography and Network Security

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.

Network Security (part 3). In our simple topologies from yesterday (generally built with hubs), there is nothing preventing a host from sniffing traffic.

Web Security CS-431. HTTP Authentication Protect web content from those who don’t have a “need to know” Require users to authenticate using a userid/password.

Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.

Network Attacks Mark Shtern.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

SSL Spoofing Man-In-The-Middle attack on SSL Duane Peifer.

Man in the Middle Paul Box Beatrice Wilds Will Lefevers.

Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.

Adrian Crenshaw.  I run Irongeek.com  I have an interest in InfoSec education  I don’t know everything - I’m.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

Demonstrating HTTP Session Hijacking through ARP Cache Poisoning and Man-in-the-Middle Attack and exploring HTTPS and VOIP session vulnerabilities Mainuddin.

1 The Attack and Defense of Computers Dr. 許富皓. 2 Network Architecture:

Man in the Middle attacks and ARP poisoning explained

Lecture 8 Modeling & Simulation of Communication Networks.

SSL Man-in-the-Middle Attacks with Dsniff Rochester OWASP & ISSA Chapters Ralph Durkee Durkee Consulting, Inc.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

Cisco Discovery Working at a Small-to-Medium Business or ISP CHAPTER 7 ISP Services Jr.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

Exercises ARP ICMP DNS HTTP/TCP Trace analysis. ARP launch Wireshark ipconfig /all ; see local IP and gateway route -print ; find gateway arp -a ; list.

JMU GenCyber Boot Camp Summer, Network Sniffing Sometimes it is possible observe/record traffic traveling on a network Network traffic may contain.

CHAPTER 2 PCs on the Internet Suraya Alias. The TCP/IP Suite of Protocols Internet applications – client/server applications The client requested data.

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e

CSI315 Web Development Technologies Continued. Communication Layer information needs to get from one place to another –Computer- Computer –Software- Software.

Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.

Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)

A day in the life: scenario

The complete picture Linux Network Management. End to End Connection Being able to describe the end to end connection sequence is a useful thing Very.

Link Layer 5-1 Link layer, LAN s: outline 5.1 introduction, services 5.2 error detection, correction 5.3 multiple access protocols 5.4 LANs  addressing,

1 John Magee 11 July 2013 CS 101 Lecture 11: How do you “visit” a web page, revisted Slides adapted from Kurose and Ross, Computer Networking 5/e Source.

ECE Prof. John A. Copeland fax Office: Klaus 3362.

Secure Socket Layer (SSL) and Secure Electronic Transactions (SET) Network Security Fall Dr. Faisal Kakar

5: Link Layer Part Link Layer r 5.1 Introduction and services r 5.2 Error detection and correction r 5.3Multiple access protocols r 5.4 Link-Layer.

Tunneling and Securing TCP Services Nathan Green.

Wireless Networking & Security Greg Stabler Spencer Smith.

Link Layer5-1 Synthesis: a day in the life of a web request  journey down protocol stack complete!  application, transport, network, link  putting-it-all-together:

Chapter 8 Phase3: Gaining Access Using Network Attacks

CS 4244: Internet Programming Security 1.0. Introduction Client identification and cookies Basic Authentication Digest Authentication Secure HTTP.

1 The Attack and Defense of Computers Dr. 許富皓. 2 Network Architecture:

Network Attacks Bharatha Yajaman ISQS Outline Sniffing  Passive Sniffing  Active Sniffing IP Address Spoofing  Changing the IP address  Undermining.

Presented by Rebecca Meinhold But How Does the Internet Work?

CNIT 124: Advanced Ethical Hacking Ch 7: Capturing Traffic.

Ethical Hacking: Hacking GMail. Teaching Hacking.

SSL. Why Is Security Important ●Security is important on E-Commerce because it makes sure that your information gets from your computer to their server.

Link Layer5-1 Synthesis: a “day” in the life of a web request  journey down protocol stack!  application, transport, network, link  putting-it-all-together:

Hands-On Ethical Hacking and Network Defense

Secure Socket Layer SSL and TLS. SSL Protocol Peer negotiation for algorithm support Public key encryptionPublic key encryption -based key exchange and.

Hands-On Ethical Hacking and Network Defense Chapter 2 TCP/IP Concepts Review Last modified

MIS Week 9 Site:

End-host IP: MAC: 11:11:11:11:11 gateway IP: MAC: 22:22:22:22:22 Google server IP: interne t interface DNS server IP:

Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.

Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.

TCP Sliding Windows For each TCP connection each hosts keep two Sliding Windows, send sliding window, and receive sliding window to make sure the correct.

An Introduction To ARP Spoofing & Other Attacks

A Typical Connection Scenario

Packet Sniffers Lecture 10 - NETW4006 NETW4006-Lecture09.

Chapter 4 Core TCP/IP Protocols

Chapter 6 The Data Link layer

Unit 8 Network Security.

Advanced Computer Networks

Synthesis A day in the life of a web request

Presentation transcript:

Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions

How HTTPS Works

HTTP v. HTTPS HTTP doesn't encrypt data at all HTTP doesn't encrypt data at all You can sniff traffic with Wireshark, ettercap, etc. You can sniff traffic with Wireshark, ettercap, etc. Completely insecure Completely insecure HTTPS uses public-key encryption to secure data HTTPS uses public-key encryption to secure data Much safer, but it can still be cracked to some extent by a man-in-the-middle attack Much safer, but it can still be cracked to some extent by a man-in-the-middle attack

Components of HTTPS When you use a secure session (HTTPS), these protocols work together: When you use a secure session (HTTPS), these protocols work together: Address Resolution Protocol (ARP) Address Resolution Protocol (ARP) Domain Name System (DNS) Domain Name System (DNS) Secure Sockets Layers (SSL) Secure Sockets Layers (SSL)

ARP Request and Reply Client wants to find Gateway Client wants to find Gateway ARP Request: Who has ? ARP Request: Who has ? ARP Reply: ARP Reply: MAC: bd-02-ed-7b has ClientGateway Gmail.com ARP Request ARP Reply

Demonstration Sniffing ARP with Wireshark Start Wireshark capturing packets Start Wireshark capturing packets Clear the ARP cache Clear the ARP cache arp –d * arp –d * Ping the default gateway Ping the default gateway

DNS Query and Response Client wants to find Gmail.com Client wants to find Gmail.com DNS Query: Where is Gmail.com? DNS Query: Where is Gmail.com? DNS Response: DNS Response: Gmail.com is at ClientGateway Gmail.com DNS Query DNS Response

Demonstration Sniffing DNS with Wireshark Start Wireshark capturing packets Start Wireshark capturing packets Clear the DNS cache Clear the DNS cache ipconfig /flushdns ipconfig /flushdns Ping Gmail.com Ping Gmail.com

SSL Handshake SSL handshake has three stages: SSL handshake has three stages: Hellos Certificate, Key Exchange, and Authentication "Change cipher spec" – handshake finished The Gateway just forwards all this traffic to the Web server ClientGateway Gmail.com Hellos Cert, Key Exch & Auth Chg Ciph Spec

Demonstration Sniffing SSL Handshake with Wireshark Start Wireshark capturing packets Start Wireshark capturing packets Open a browser and go to yahoo.com Open a browser and go to yahoo.com Click the My Mail button Click the My Mail button

Open a Socket to Port 443 This is the usual SYN, SYN/ACK, SYN TCP handshake This is the usual SYN, SYN/ACK, SYN TCP handshake Port 443 is used for HTTPS Port 443 is used for HTTPS

Hellos Client Hello Client Hello Server sends Hello Server sends Hello This exchange is used to agree on a protocol version and encryption method This exchange is used to agree on a protocol version and encryption method

Certificate, Key Exchange, and Authentication Server sends Certificate Server sends Certificate Client sends Public Key Client sends Public Key Client Authenticates Certificate with Certificate Authority (not visible) Client Authenticates Certificate with Certificate Authority (not visible)

Change Cipher Spec Server sends "Change Cipher Spec" Server sends "Change Cipher Spec" Client sends "Change Cipher Spec" Client sends "Change Cipher Spec" SSL Handshake is done, now client can send encrypted Application Data SSL Handshake is done, now client can send encrypted Application Data

Summary of HTTPS Process SSL handshake has three stages: SSL handshake has three stages: Hellos Certificate, Key Exchange, and Authentication "Change cipher spec" – handshake finished ClientGateway Gmail.com ARP DNS SSL/TLS

Man-in-the-Middle Attack

Summary of Attack Hacker intercepts traffic Must defeat ARP, DNS, and SSL ClientGateway Gmail.com ARP Forwarded DNS SSH Hacker

ARP Cache Poisoning The Linux utility 'arpspoof' sends a constant series of ARP REPLIES The Linux utility 'arpspoof' sends a constant series of ARP REPLIES This diverts Ethernet traffic to the hacker This diverts Ethernet traffic to the hacker Part of the 'dsniff' package Part of the 'dsniff' package

DNS Spoofing The Linux utility 'dnspoof' listens for DNS queries The Linux utility 'dnspoof' listens for DNS queries Sends DNS responses sending Web server data to the hacker Sends DNS responses sending Web server data to the hacker Part of the 'dsniff' package Part of the 'dsniff' package

IP Routing 'fragrouter' can forward packets to their correct destination 'fragrouter' can forward packets to their correct destination That allows normal Web surfing (HTTP) That allows normal Web surfing (HTTP) Part of the 'dsniff' package Part of the 'dsniff' package This could also be done with 'iptables' This could also be done with 'iptables'

SSL Spoofing 'webmitm' creates a Certificate and intercepts SSL handshakes 'webmitm' creates a Certificate and intercepts SSL handshakes Part of the 'dsniff' package Part of the 'dsniff' package

Limitations of the Attack The SSL spoofing is not perfect The SSL spoofing is not perfect You can't actually log in and read You can't actually log in and read Internet Explorer sends your password to the hacker before giving up on the connection Internet Explorer sends your password to the hacker before giving up on the connection Firefox doesn't send your password to the hacker Firefox doesn't send your password to the hacker

Sources Hacking videos from link l_15b Hacking videos from link l_15b How to decrypt SSL encrypted traffic using a man in the middle attack (Auditor).swf How to decrypt SSL encrypted traffic using a man in the middle attack (Auditor).swf MITM Hijacking.wmv MITM Hijacking.wmv SSL Handshake information from l_15a (cs.bham.ac.uk) SSL Handshake information from l_15a (cs.bham.ac.uk)