(How To) Kali Linux: Intercept Secure Passwords from HTTPS SSL with Ettercap and sslstrip

Here I will be showing how to setup ettercap settings on Kali Linux, then we will proceed to do a man in the middle attack on a wireless network. I will be using ettercap and sslstrip to do this. The routing will happen through iptables.

MITM attacks and ARP flooding, these are two attacks that Ettercap was built for. Ettercap is an excellent tool that does MITM, connection sniffing, protocol decoding and much more. Once an attacker is positioned appropriately on a network, be that physical or wireless, Ettercap is one tool that will enable full end to end traffic sniffing. Sniffing plaintext protocols is simple, but Ettercap has an additional trick up it’s sleeve for SSL. Come along for the ride and we will see how coupling Ettercap with sslstrip allows us to intercept secure passwords… Well, actually it is more like it takes ssl out of the picture… making the password come through on regular http.

Tagged , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *