Hacking Accounts Using SSLstrip and Arpspoof! With Kali Linux

***THIS TUTORIAL IS INTENDED FOR EDUCATIONAL PURPOSES ONLY! THE AUTHOR OF THIS VIDEO AND BLOG IS NOT RESPONSIBLE FOR YOUR IRRESPONSIBLE ACTIONS AFTER WATCHING THIS TUTORIAL. PRISON RAPE IS VERY REAL***

Arpspoofing and SSLstripping

Hello and welcome back for another round of penetration testing and network security. As promised, I have come back to further your understanding of Kali Linux and Network Security. Below is a video that I recklessly put together that demonstrates an attack known as a Man-In-The-Middle attack. This attack is preferred to others because the victim is oblivious to the attack taking place where in other similar attacks, denial of service interruptions or slow service gives the attacker away.

Anyone that has fixes for better file conversions, let me know.

A simple explanation on how this works is presented in the video. I find it important to share these things because working in a Linux box is so satisfying on some twisted level. The information that is available to learn is endless for those of a curious mind. Also, I believe that people should be aware of the shear simplicity in which everything private about them can be stolen and exploited.

Before you will be able to perform this exercise, you will need Kali Linux and you will also want to read how to install it. Also, feel free to take a look at how to crack WPA2/WPA.

This attack uses two methods to obtain a victim’s username and password to any email account (Yahoo, Google, MSN, etc), Facebook or other account where a login authentication is required. This is done by using arp poisoning to spoof (or fake) mac addresses of wireless routers and victim PCs. The attacker MUST be on the same network as the victims. With arpspoofing, the router believes that it is directly communicating with the victim’s computer and the victim’s computer believes it is directly communicating with the router when in fact, they each are communicating directly to the attacker “in the middle” of the connection.

The SSLstrip feature that we are using in this attack is what makes this a preferred method for stealing credentials. SSLstrip removes the security and encryption from web traffic so that the connection lacks encryption and defeats the Secure Socket Layer (SSL) protocol being implemented between router and device. Once the packet is captured, the information can then be read at an understandable human level rather than as confusing encryption codex. SSLstrip allows “https://www…” to become “http://www…”. This is a very bad thing because that means that your log-in to Facebook was never encrypted and now you’ve just shared your password to some weirdo at a keyboard… Hope you deleted all of those messages to your mistress.

So this is it, check out the video. Even if you are not into this kind of thing. See how easily this could happen to you or someone you know. Stay mindful on the net and always protect yourself.

Stay tuned for the ultimate hack…

…Completely Own Any Windows Machine!

Stay Safe and Hap’y Hackin’