码迷,mamicode.com
首页 > Web开发 > 详细

Ethical Hacking - NETWORK PENETRATION TESTING(17)

时间:2019-12-03 23:37:54      阅读:139      评论:0      收藏:0      [点我收藏+]

标签:ges   net   ssl cert   passwords   term   技术   lease   sts   color   

MITM - bypassing HTTPS

Most websites use https in their login pages, this means that these pages are validated using an SSL certificate and there for will show a warning to the user that the certificate is invalid.

SSLstrip is a tool that canbe used to downgrade HTTPS requests to HTTP allowing us to sniff passwords without displaying a warning to the user.

Luckily MITMf starts SSLstrip for us automatically.

 

Start the MITMf tool, and the SSLstrip runs the same time.

python2 mitmf.py --arp --spoof --gateway 10.0.0.1 --target 10.0.0.22 -i eth0

技术图片

 

 Browse the www.baidu.com on the victim win10 os. 

Please note that , the URL becomes to  http://www.baidu.com by default.

技术图片

 

 You can find the username and password in the MITMf terminal.

技术图片

 

Ethical Hacking - NETWORK PENETRATION TESTING(17)

标签:ges   net   ssl cert   passwords   term   技术   lease   sts   color   

原文地址:https://www.cnblogs.com/keepmoving1113/p/11979915.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!