Harrison: So Darren, last month we demonstrated a man in the middle attack using Cain & Abel and Ethereal?
Darren: Yes, but like we also said, you can always secure yourself by using something like Gmail, which uses SSL.
Harrison: Exactly right. So this month we are going to take it a step further by doing a direct attack on the SSL protocol and show you how to decrypt SSLv3 and TLS traffic.
Darren: That sounds like a lot of fun but I cannot hack on an empty stomach. Let us go get a bite to eat and then you can show us how it is done.
[Music Playing]
Darren: Okay. We are back from lunch. Harrison, thanks for coming back on the show. How are we going to perform this attack? Like, what is involved?
Harrison: Okay. Well, first of all, we are going to use Whoppix. I use Whoppix version 2.7.
Darren: And that is just like Knoppix. This is the Linux live disc drill.
Harrison: It is based on Knoppix. The author of the program basically is a security auditor. He was doing an audit of a company and they said he had to use their computers and he could not install anything. So, how can you get anything done, right? So he said, “All right. Well, I will play by the rules and put all of my tools onto this one Knoppix CD and all my exploits. Basically boot off the CD and I have got a portable hack toolkit.”
Darren: Now that is not the only portable hack toolkit. There is Knoppix STD.
Harrison: Yes, Auditor.
Darren: Phlak. What does Phlak stand for?
Harrison: I have no idea.
West: Professional Hackers Linux Assault Kit.
Darren: Thank you West.
Harrison: West, thank you.
West: Welcome.
Harrison: Okay, so there are a bunch of different toolkits.
Darren: All right. So we are booted into Whoppix. What is the first thing that we need to do?
Harrison: Okay. Well, the first thing we are going to do is run a program, fragrouter, and this is going to route the IP traffic so that once we perform a man in the middle attack, everything is flowing in the right direction.
Darren: Great! Okay, so once we have got that done, I would just assume that we start the ARP.
Harrison: Yes, exactly. We are going to use, as opposed to Cain & Abel, arpspoof. This is a command line tool and we just enter the target address we are going to ARP and the gateway, and that will position us in between them.
Darren: All right, now that is not all that is involved in the ARP, which is the main line?
Harrison: No, exactly. Cain & Abel does it all automatically, but since we use a variety of tools the next thing we have to do is dnsspoof, and that will complete the attack, and it runs silently.
Darren: Okay, so once we have got dnsspoof going we are pretty much sitting between them; we can see everything that is going on.
Harrison: Exactly.
Darren: What do we need to get the SSL attack going?
Harrison: Well, this is the heart of the attack. What we are going to do is use a tool called webmitm, which stands for web man in the middle, to create a spoofed certificate. It is going to sit on the network and just listen, and as soon as the user attempts to go to a secure site, that certificate is going to come to us. It is going to stop and go no further, and instead the user is going to get our fake certificate.
Darren: Oh! So we even fake that, good.
Harrison: Exactly, and then what we do is just pull up Ethereal, set it on the network and sniff up all the traffic, and as soon as the user accepts the certificate and enters his password we are going to see webmitm start a lot of activity. As soon as that happens, the next step is just to stop Ethereal [Voice Overlap].
Darren: So we sniff up the traffic, we have seen that they have gone to an SSL site like Gmail, now what are we going to do? We have got encrypted packets.
Harrison: Right, here is the key: we can save that Ethereal traffic and we use a tool called ssldump. What that does is use the combination of the encrypted SSL traffic that we sniffed up plus the key pair.
Darren: Because we created the certificate.
Harrison: Exactly, we created the certificate so it is an
Transcription by:
Scribe4you Transcription Services