SSL security

Workshop 6: SSL/TLS
The HTTPS stripping attacks
Zhou Peng and Daoyuan Wu
25 April 2014
SSLStrip Background
• The HTTPS stripping steps
– Transparently hijacking HTTP traffic
– Discovering HTTPS links and redirects
– Mapping HTTPS links into look-alike HTTP links
• References:
• Provide hands-on experience on attacking
HTTPS connections using sslstrip
• Understand how sslstrip can steal your
credentials (e.g., your Facebook username and
Overview of This Lab
• Preparation Step
– Step 1: Boot your system
– Step 2: Configure your Firefox browser
• Sslstrip Attacking Step
Step 3: Download and run sslstrip
Step 4: Browse HTTPS web sites
Step 5: Analyze how sslstrip intercept your connections
Step 6: Use sslstrip to steal your credentials
• Lab Assignment
Step 1 (Boot your system)
Reboot your computer to Mac OS
Find Terminal in Launchpad.
Find Firefox in Launchpad.
Find Python 2.7 environment
– It should be by default accessible in Terminal.
An example:
$ cd Documents
Documents $ python -h
Step 2 (Configure your Firefox
Start Firefox via Launchpad
Click Edit > Preferences
Click on Advanced and Select Network Tab
Click Settings… and Select Manual proxy configuration
Configure HTTP Proxy as and the Port is 8080
– Please do not enable “Use this proxy server for all protocols”
• Leave other entries (including SSL Proxy, FTP Proxy and
SOCKS Host) empty
• Erase No Proxy For entry
• Save your settings
Step 3 (Download and run sslstrip)
• Click Terminal in Mac
• Download sslstrip
• Decompress sslstrip (to Documents directory)
Use 7zip to unzip the
tar -zxf sslstrip-0.9.tar.gz & cd sslstrip-0.9
• Run sslstrip with help (see what options sslstrip
python -h
• Run sslstrip
python -a -w log.txt -l 8080
Step 4 (Browser HTTPS web sites)
1. Input in the address bar of
Firefox browser
2. After is loaded, come to
your Terminal which runs sslstrip and input
command “Ctrl+c” to terminate sslstrip
3. Open the file “log.txt” and search “Found
secure reference”
4. How many https links have been found by
Step 5 (Analyze how sslstrip intercept
your connections)
1. We use “” as a hint to see how
sslstrip intercept your connections
2. In the file “log”, we can find""; in the HTML
3. Back to your Firefox browser, right click at the
blank area and select View page source
4. Search “” in the page source,
you can find""
5. Now, Do you know how sslstrip works?
Step 6 (Use sslstrip to steal your
1. Run “python -p -w logpw.txt -l 8080” in
your Terminal
2. Visit using Firefox
3. Input “some username” in the username entry and
input “some password” in the password entry
4. Click Sign in
5. Terminate sslstrip using command “Ctrl+c” and read
the file logpw.txt
6. Search “email” or “pass” in the log file. What do you
find  [Or simply search your email address]
1. Use sslstrip to intercept your traffic when you
visit and answer the
question: How many HTTPS links have been
found and what are they? (5 marks)
2. Given that sslstrip can access all your
connections to the Internet. Now, you will login
to your Facebook account, how do you prevent
sslstrip from stealing your passwords? (5 marks)
– Hint: sslstrip can only intercept HTTP connections.

similar documents