Lab 2: SSL Security Attack June 17, 2008 Hyun Jin Kim.

1 Lab 2: SSL Security Attack June 17, 2008 Hyun Jin Kim

2 Objective
Configure DNS such that https://www.paypal.com gets resolved to our own IP address of the “attack” server
– Paypal uses SSL protocol.

3 Normal DNS Query Processing
[Diagram labels: www.paypal.com, 64.4.241.33, DNS Server, Paypal’s Server]

4 Attacking DNS Request
[Diagram labels: www.paypal.com, 128.222.11.3, DNS Server, Paypal Server, Fake Paypal Server, Filter]

5 What We Will Do
Write a program that injects a spoofed DNS Response when the source queries the IP address of www.paypal.com
C programming
A basic code skeleton is provided.
Attacker’s fake server is also provided.

6 Libraries
Libpcap
– To capture DNS requests
– /usr/include/pcap.h
Libnet
– To inject fake DNS replies
– /usr/include/libnet.h

7 Procedures
Setup for packet sniffing
Grab packets
Check if packets are DNS queries
If the query is for www.paypal.com, inject a spoofed DNS response back
Web browser will direct to attacker’s fake paypal website!

8 Step 1: Packet Sniffing Setup
Find the network interface for sniffing
– device = pcap_lookupdev(errbuf);
  eth0 in our case
Set up for sniffing
– capdev = set_cap_dev(device, filter);
  filter specifies some properties of DNS Requests
  – UDP packets
  – Destination port = 53

9 Step 2: Grab a DNS Query Packet
Grab a packet (first fill-in)
– packet = (u_char *) pcap_next(capdev, &pcap_hdr);
Check if the packet is a DNS Query
– i.e., Destination port = 53?
Check if the DNS Query is for www.paypal.com

10 Step 3: Create Spoofed DNS Response
Create a new DNS Response with Attacker’s IP address
Send it back to the source
void spoof_dns(char *device)
– Open a raw socket
– Start creating the header for the spoofed response

11 Step 3: Create Spoofed DNS Response
Header Construction
– Build DNS Header (fill in)
  – dns = libnet_build_dnsv4(LIBNET_DNS_H,             /* header size */
                             ntohs(spoofpacket.dns_id), /* dns id */
                             0x8100,                    /* control flags (QR,AA,RD,*/
                             1,                         /* number of questions */
                             1,                         /* number of answer RR's */
                             0,                         /* number of authority RR's*/
                             0,                         /* number of additional RR's*/
                             spoofpacket.payload,       /* payload */
                             spoofpacket.payload_size,  /* payload length */
                             handler,                   /* libnet handler */
                             0);                        /* ptag */
– Build UDP Header
– Build IP Header
– Calculate Checksum (fill in)
    libnet_toggle_checksum(handler, udp, 1);
    libnet_toggle_checksum(handler, ip, 1);

12 Step 4: Inject DNS Response
Inject the packet (fill in)
– inject_size = libnet_write(handler);
Destroy the packet (fill in)
– libnet_destroy (handler);

13 Test
Compile
– Type make
Run
– Type ./sslattack
Open a web browser
Type http://www.naver.com
– No attack
Type https://www.paypal.com
– Certificate Warning Sign
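A defender's view of the response built in Steps 3 and 4, as an added example that is not part of the original slides or the lab skeleton: a parser that flags two DNS responses carrying the same transaction ID but different A records. The sample packets, the ID 0x1a2b and the function names are constructed for illustration, and it assumes the genuine reply also reaches the monitoring point.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed samples: two replies to one www.paypal.com A query (ID 0x1a2b). */
#define RESP(fl, a, b, c, d) {0x1a,0x2b, 0x81,(fl), 0,1, 0,1, 0,0, 0,0, 3,'w','w','w', \
    6,'p','a','y','p','a','l', 3,'c','o','m',0, 0,1, 0,1, 0xc0,0x0c, 0,1, 0,1, 0,0,0,60, 0,4, (a),(b),(c),(d)}
static const uint8_t genuine[] = RESP(0x80, 64, 4, 241, 33);   /* address from slide 3 */
static const uint8_t spoofed[] = RESP(0x00, 128, 222, 11, 3);  /* flags 0x8100, slide 4 address */

/* Skip a name (labels or compression pointer); return the next offset, 0 on error. */
static size_t skip_name(const uint8_t *m, size_t n, size_t off) {
    for (; off < n; off += 1 + (size_t)m[off]) {
        if (m[off] == 0) return off + 1;                 /* root label ends the name */
        if (m[off] & 0xC0) return ((m[off] & 0xC0) == 0xC0 && off + 2 <= n) ? off + 2 : 0;
    }
    return 0;
}

/* Return 1 and fill id/ip from the first A record of a response, else 0. */
int dns_first_a(const uint8_t *m, size_t n, uint16_t *id, uint8_t ip[4]) {
    if (n < 12 || !(m[2] & 0x80)) return 0;              /* too short, or a query */
    size_t off = 12, rdlen = 0, qd = (m[4] << 8) | m[5], an = (m[6] << 8) | m[7];
    *id = (uint16_t)((m[0] << 8) | m[1]);
    while (qd--) {                                       /* question section */
        off = skip_name(m, n, off);
        if (!off || (off += 4) > n) return 0;            /* QTYPE + QCLASS */
    }
    for (; an--; off += rdlen) {                         /* answer section */
        off = skip_name(m, n, off);
        if (!off || off + 10 > n) return 0;
        unsigned type = (m[off] << 8) | m[off + 1];
        rdlen = ((size_t)m[off + 8] << 8) | m[off + 9];
        if ((off += 10) + rdlen > n) return 0;
        if (type == 1 && rdlen == 4) { memcpy(ip, m + off, 4); return 1; }
    }
    return 0;
}

/* 1 when two responses share a transaction ID but give different A addresses. */
int dns_conflict(const uint8_t *a, size_t an, const uint8_t *b, size_t bn) {
    uint16_t ia, ib; uint8_t pa[4], pb[4];
    if (!dns_first_a(a, an, &ia, pa) || !dns_first_a(b, bn, &ib, pb)) return 0;
    return ia == ib && memcmp(pa, pb, 4) != 0;
}

int main(void) {
    printf("conflict=%d\n", dns_conflict(genuine, sizeof genuine, spoofed, sizeof spoofed));
    return 0;
}
```

On a resolver-facing sensor, the same comparison would be keyed on the client address and port as well as the transaction ID.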

14 Certificate

15 Spoofed paypal.com

16 Actual paypal.com

