-
-
[原创]无线网络钓鱼——SSLStrip
-
发表于: 2013-6-20 23:32
-
你有蹭网的习惯吗? 在公共场所,机场,辛巴克。或者自己小区里发现一个没有密码或者密码是123456的无线网路。如果是这样的话,请注意了:你很有可能被钓鱼,莫名其妙的丢了自己的用户名和密码。本人在家里做了个实验,抓住了老婆的几个登陆密码。使用的是SSLStrip的方法。友情提示大家,蹭网需谨慎。
SSLStrip是09年黑帽大会上曝出的截获HTTPS明文数据的黑客方法。这里科普一下为什么使用未知的无线网络存在安全风险。现在大部分web登陆使用https保护登陆数据,比如gmail, 网易邮箱,亚马逊等。这里来演示一下使用SSLStrip在局域网中截获HTTPS保护过用户登录名和密码。
HTTPS本身是很安全的,黑客撼动不了。但是浏览器访问HTTPS有一个特点,一般情况用户并不直接访问https而是先访问HTTP,然后再重定(redirect)向到HTTPS。用户在浏览器中一般输入1eeK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3g2^5j5h3#2H3L8r3g2Q4x3X3g2U0L8$3#2Q4x3V1y4Q4x3U0k6F1j5Y4y4H3i4K6y4n7i4@1f1$3i4K6R3^5i4K6V1$3i4@1f1^5i4K6R3H3i4K6R3#2i4@1f1%4i4K6W2n7i4@1t1@1i4@1f1$3i4K6S2q4i4@1p5#2i4@1f1#2i4@1t1H3i4@1t1I4i4@1f1^5i4@1u0q4i4K6V1K6i4@1f1#2i4K6R3#2i4@1p5#2k6i4S2S2L8i4m8D9k6g2)9J5k6h3y4G2L8g2!0q4x3#2)9^5x3q4)9^5x3W2!0q4y4W2!0n7y4g2)9^5c8W2!0q4z5q4!0m8y4#2)9^5z5q4!0q4y4g2)9&6z5g2!0m8z5q4!0q4z5g2!0n7b7W2)9&6z5q4!0q4z5q4!0m8c8g2!0m8y4q4!0q4y4q4!0n7c8q4!0n7c8W2!0q4y4#2)9&6y4q4!0m8z5q4!0q4y4g2!0m8c8W2!0n7z5i4N6W2j5W2!0q4y4W2)9&6b7#2)9^5c8q4!0q4y4g2)9^5b7g2!0m8x3g2!0q4y4g2)9&6z5g2!0m8z5q4!0q4y4g2)9^5c8W2)9&6x3g2!0q4z5q4!0n7y4g2!0n7y4@1S2f1g2q4m8Q4c8e0S2Q4b7f1k6Q4b7U0N6Q4c8e0k6Q4b7U0q4Q4z5o6u0Q4c8f1k6Q4b7V1y4Q4z5p5y4Q4c8e0k6Q4z5f1y4Q4z5p5c8Q4c8e0g2Q4z5p5q4Q4b7e0q4Q4c8e0g2Q4z5e0W2Q4b7e0S2Q4c8e0W2Q4z5o6N6Q4z5p5c8Q4c8e0g2Q4b7f1g2Q4z5f1q4Q4c8e0g2Q4z5e0m8Q4z5e0q4Q4c8e0S2Q4b7f1k6Q4b7U0N6Q4c8e0k6Q4b7U0q4Q4z5o6u0Q4c8e0g2Q4z5o6S2Q4b7U0m8t1g2q4c8b7f1#2)9J5k6g2)9J5y4X3&6T1M7%4m8Q4x3@1u0e0f1@1I4e0N6s2u0A6M7q4!0q4y4W2)9&6y4q4!0n7b7W2!0q4y4g2)9^5y4#2!0n7b7W2!0q4y4#2)9&6b7g2)9^5y4q4!0q4y4W2)9^5x3q4)9&6c8q4!0q4z5q4!0n7y4#2!0m8c8W2!0q4y4W2)9&6z5q4!0m8c8W2!0q4y4g2)9&6b7#2!0m8z5q4!0q4y4W2!0n7y4g2)9^5c8W2!0q4z5q4!0m8y4#2)9^5z5q4!0q4y4g2)9&6z5g2!0m8z5q4!0q4y4g2)9&6x3W2)9^5b7#2!0q4y4W2)9&6b7#2)9^5c8q4!0q4y4g2)9^5b7g2!0m8x3g2!0q4y4g2)9&6z5g2!0m8z5q4!0q4y4#2)9&6b7g2)9^5y4q4!0q4y4q4!0n7z5q4!0m8c8q4!0q4z5g2)9&6y4#2!0n7y4q4!0q4y4W2)9^5z5q4!0m8b7g2!0q4y4W2)9&6y4W2!0m8c8p5S2f1g2q4m8Q4c8e0k6Q4z5e0g2Q4b7U0m8Q4c8e0k6Q4z5p5c8Q4b7f1g2Q4c8f1k6Q4b7V1y4Q4z5p5y4Q4c8e0W2Q4z5e0S2Q4b7V1u0Q4c8e0k6Q4b7f1c8Q4b7e0u0t1g2q4c8b7i4@1f1#2i4@1q4q4i4K6W2m8i4@1f1#2i4K6V1H3i4K6V1I4i4@1f1@1i4@1t1^5i4@1u0m8d9q4c8f1f1q4y4Q4c8e0y4Q4z5o6m8Q4z5o6u0Q4c8e0S2Q4b7V1k6Q4z5e0W2Q4c8e0g2Q4b7U0m8Q4b7U0q4Q4c8e0k6Q4z5e0S2Q4b7f1k6Q4c8e0k6Q4z5o6W2Q4z5o6m8Q4c8e0S2Q4b7f1k6Q4b7U0c8Q4c8e0N6Q4z5f1q4Q4z5o6c8y4j5h3&6Q4x3U0k6F1j5Y4y4H3i4K6y4n7K9h3&6Q4x3U0k6F1j5Y4y4H3i4K6y4n7N6r3S2W2i4K6t1$3L8X3u0K6M7q4)9K6b7V1#2A6k6r3c8D9k6g2)9J5b7#2!0q4y4q4!0n7z5q4!0m8c8q4!0q4z5g2)9&6y4#2!0n7y4q4!0q4y4q4!0n7b7g2!0n7b7g2!0q4y4W2)9&6y4q4!0n7b7W2!0q4y4g2)9^5y4#2!0n7b7W2!0q4x3#2)9^5x3q4)9^5x3W2!0q4y4q4!0n7b7W2)9^5c8g2!0q4z5q4)9^5x3q4)9^5b7#2!0q4y4g2!0m8c8g2)9&6c8g2!0q4y4#2)9^5c8g2!0n7x3q4!0q4y4W2!0n7y4g2)9^5c8W2!0q4z5q4!0m8y4#2)9^5z5q4!0q4y4g2)9&6z5g2!0m8z5q4!0q4y4q4!0n7z5q4)9^5c8g2!0q4y4W2)9&6y4q4!0n7b7W2!0q4y4g2)9^5y4#2!0n7b7W2!0q4z5q4)9^5x3q4)9^5y4g2!0q4y4q4!0n7z5g2)9^5b7W2!0q4z5g2)9&6y4#2!0n7y4q4!0q4z5q4!0n7c8W2)9&6b7W2!0q4z5q4!0m8x3g2)9^5b7#2!0q4y4#2)9&6b7g2)9^5y4q4!0q4y4W2)9&6z5q4!0m8c8V1S2f1g2q4m8Q4c8e0W2Q4z5o6m8Q4z5f1q4Q4c8e0c8Q4b7V1k6Q4b7e0q4Q4c8f1k6Q4b7V1y4Q4z5p5y4Q4c8e0k6Q4z5e0c8Q4b7V1u0Q4c8e0g2Q4z5o6N6Q4b7V1u0Q4c8e0S2Q4z5o6m8Q4z5o6g2Q4c8e0k6Q4z5e0c8Q4b7U0k6Q4c8e0g2Q4z5o6S2Q4b7U0m8Q4c8e0k6Q4b7U0g2Q4z5p5k6Q4c8e0S2Q4b7e0N6Q4z5o6S2Q4c8e0g2Q4z5e0W2Q4b7e0S2Q4c8e0k6Q4z5e0g2Q4b7U0m8Q4c8e0k6Q4z5p5c8Q4b7f1g2Q4c8e0g2Q4z5e0m8Q4z5p5g2Q4c8f1k6Q4b7V1y4Q4z5p5y4Q4c8e0g2Q4z5o6k6Q4z5p5c8Q4c8e0W2Q4z5o6m8Q4z5f1q4Q4c8e0S2Q4b7V1k6Q4z5o6N6t1g2q4c8b7f1#2!0q4y4g2!0n7x3q4)9^5y4W2!0q4y4W2)9&6y4g2!0n7x3q4!0q4y4W2)9^5c8q4!0m8c8g2!0q4z5q4!0n7c8q4!0m8b7#2!0q4y4g2)9^5c8W2)9&6x3g2!0q4y4#2!0n7b7W2)9&6z5g2!0q4y4W2)9&6b7#2)9^5c8q4!0q4y4g2)9^5b7g2!0m8x3g2!0q4y4g2)9&6z5g2!0m8z5q4!0q4x3#2)9^5x3q4)9^5x3W2!0q4z5q4!0n7c8W2)9&6z5g2!0q4y4W2!0m8x3q4!0n7y4#2!0q4y4q4!0n7b7W2!0m8y4g2!0q4y4g2)9^5z5g2)9^5c8q4!0q4y4g2)9^5c8W2)9&6y4@1S2f1g2q4m8e0i4@1f1@1i4@1u0r3i4K6W2p5i4@1f1$3i4K6S2m8i4@1p5@1i4@1f1%4i4K6W2m8i4K6R3@1i4@1f1%4i4K6V1&6i4@1u0n7i4@1f1&6i4K6V1&6i4K6R3$3i4@1f1@1i4@1u0r3i4@1p5I4i4@1f1$3i4K6R3I4i4@1q4r3i4@1g2r3i4@1u0o6i4K6S2o6i4@1f1#2i4@1q4q4i4K6S2o6i4@1f1#2i4K6R3#2i4@1p5^5i4@1f1$3i4K6W2m8i4@1t1@1i4@1f1&6i4K6W2o6i4@1t1J5i4@1f1%4i4@1u0n7i4K6V1&6i4@1f1@1i4@1u0m8i4K6R3$3i4@1f1$3i4K6V1@1i4@1u0n7i4@1f1#2i4K6R3%4i4@1u0n7i4@1f1^5i4K6R3H3i4K6R3#2i4@1f1K6i4K6R3H3i4K6R3J5
怎样截获网络数据成为"中间人"呢? 通常是DNS下毒,或者在局域网中使用ARP欺骗。本演示中当然使用ARP欺骗要容易一点。
攻击工具:
Back-Track,作为安全从业人员这是必须的。集合Metasploit等等一系列的安全工具。下载一个VMWare镜像,使用相当方便。688K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3u0S2j5$3E0@1M7X3q4U0K9#2)9J5k6r3I4A6L8Y4g2^5i4K6u0W2L8%4u0Y4i4K6u0r3k6r3!0%4L8X3I4G2j5h3c8K6i4K6u0r3
SSLStrip(943K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6i4c8Z5L8%4g2Y4K9s2c8U0M7X3W2E0k6g2)9J5k6h3!0J5k6#2)9J5c8Y4y4G2k6Y4c8%4j5i4u0W2i4K6u0r3M7%4y4D9M7%4c8J5K9i4m8Q4x3V1j5`.)下载,解压,安装python ./setup.py install
整个实验过程分为四步。
第一步,在back-track中输入如下命令,欺骗192.168.1.7让本机冒充网关192.168.1.1。这样192.168.1.7所有发送的数据都会发到本机上来。这时如果查看被骗主机的ARP表的话,你会发现确实发生了变化,图一。这时被骗主机无法上网,因为他所有发送数据都被阶段了。在黑客主机上使用Wireshark抓包发现,PING的ICMP包无响应,DNS请求也无响应,图二。
arpspoof -i eth1 -t 192.168.1.7 192.168.1.1
echo "1" > /proc/sys/net/ipv4/ip_forward
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 ,可用于网络安全警示教育的题材,可别干坏事了。
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
