zeronul Posted May 30, 2015 Posted May 30, 2015 I've set up a hacking lab by virtualbox with Kail linux, Ubuntu, Win7 SP1, and WinXP SP3. There is no problem to capture username and password from HTTPS traffic in IE with the command: ettercap -Tqi eth0 -M arp:remote /gateway/ /target/ When I use the same way to try on firefox, the username and password can never be captured but the arp spoofing is working in the meantime. Not sure about the problem from which portion. Quote
ZaraByte Posted May 30, 2015 Posted May 30, 2015 If im not mistaken IE doesn't support HSTS unlike Firefox and Google Chrome so that's likely gonna fail. You would need to use something like dns2proxy and sslstrip2 and even then im not sure if that still works. Personally i don't make much of a habit of sniffing that kinda information on my own network and im not into doing that on networks in which i don't own. Quote
digip Posted May 30, 2015 Posted May 30, 2015 IE 10 and later use HSTS, so if you're using IE 9 and older, will probably still work to strip things(as well as older browsers of other brands), but not sure if Microsoft has or has not back ported this. Chrome, Opera, Safari and FF should all be doing HSTS these days if on the latest, and some browsers do DNS pre-fetching which you may not be able to override without doing DNS attacks on top of normal MITM attacks. Combine your ARP attack with a DNS attack, and a forged certificate tha tpoints to a local server(although, the user will probably get prompted on the self signed certificate unless you can force them to HTTP) be sure to strip any pre-fetch code from the results of what they search for, and you should be able to get them to load your clone of the site. Note, trying to intercept will probably not work, as with a cloned page served, with everything pointing to "local" copies of files, should work. You basically have to make yourself a face web server to impersonate the real ones if HSTS is in use. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.