Comments on Ubuntu Unleashed: Howto: Sniff or Hack someone’s username and password over an SSL encrypted connection with Ubuntu Linux
Blog author: defcon. Feed last updated: 2023-03-27T11:05:16.103-07:00. 3 comments.

Anonymous, 2008-04-08T13:41:00.000-07:00:

Correct, it is a man-in-the-middle attack. What happens is the user is presented with an SSL certificate hosted on the Ettercap machine. At a cursory glance it looks ok, but does pop up and require the user to click to allow it to be used.

Most users will go ahead and click without more than a glance, if that.

At that point, Ettercap then sets up its own SSL session to the destination web server, so that it can relay data.

So what you wind up with is an SSL-protected session between the browser and Ettercap, where the data is decrypted/recorded/manipulated, then Ettercap encrypts the data again and sends it over an SSL-protected session to the destination web server.

A phishing attack is not required.

Anonymous, 2008-02-20T23:04:00.000-08:00:

Luke: I /think/ it's a man in the middle attack: attacker (let's pretend that it's a woman called Eve) pretends to be the site you're contacting (Bob, for argument's sake). Now to Alice, Eve looks like Bob, and to Bob, Eve looks like Alice.
But I'm not an expert, and I mainly did this to show off the cool Alice/Bob/Eve analogy/in-joke.

Luke Hinds, 2008-02-20T22:01:00.000-08:00:

Surely this would only work for clear text auth over http - you would be able to read these packets and see the credentials.

For https there will be 128 bit encryption based on the SSL certs between the client's browser and the webserver? To read these you would need to hijack and replicate the webhost - such as phishing?