Saturday, June 8, 2013

HACK FACEBOOK BY BREAKING THE SSL

In my previous post I discussed how a user's session is hijacked and how SSL/TLS is incorporated for secure communication. But hackers can still sniff the user's credentials by breaking the SSL/TLS. This technique is referred to as SSLstrip, which was released by Moxie Marlinspike to demonstrate the vulnerabilities he spoke about at Black Hat Technical Security Conference: USA 2009.




In this scope I'll be using BackTrack, a Penetration Testing Distribution, with the tools below to scan the network, set up firewall rules, perform MIMA, monitor the client-server HTTP connection and sniff packets.

  1. NMAP
  2. IPTABLES
  3. ARPSPOOF
  4. SSLSTRIP
  5. ETTERCAP

SSLstrip strips out HTTPS links from unencrypted web pages, replaces them with HTTP links and sends the altered pages to the client. The client never sees an HTTPS link to click on, only the unencrypted HTTP version.



  • Techniques:   

1. First scan your network and find the target using NMAP, a Network Scanner. In this case I got 192.168.1.5 as the Target.



2. Next I need to start IP Forwarding, which enables my machine to forward any network traffic it receives from the target to the router.



3. Next Set up port redirection using IPtables.



4. Next Man-In-The-Middle-Attack (MIMA) is begun by exploiting ARP Cache Poisoning to intercept network traffic between the target and the router.  



5. Start the SSLstrip tool and make it listen to default port 10000.



6. Start Ettercap to sniff the packets to fetch user credentials.



Once this setup is up and running perfectly, let the victim log in to Facebook. The victim's HTTP traffic will be redirected to our port 10000, where SSLstrip is listening. After this we will be able to eavesdrop and steal all of the victim's passwords that were supposedly sent over SSL/TLS.



  • Protection:
1. Force-TLS add-on allows web sites to tell Firefox that they should be served via HTTPS in the future; this helps secure you from accidentally negotiating an insecure session with certain sites. 
 

2. HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTPS connections (i.e. HTTP layered over TLS/SSL).


Happy Hacking...Enjoy...

For educational purpose only...Do not misuse it...


Wednesday, May 8, 2013

HACK FACEBOOK BY HIJACKING THE SESSION

  • How To Hack FACEBOOK ?

Hello friends! Previously I've posted different ways to hack the user account of an Email Server or Social Networking site. For more information please click here. Today I'll illustrate the SESSION HIJACKING technique to hack an FB Account.



In this scope I will be using BACKTRACK, a Penetration Testing Distribution, with the tools below for Network Scan, MIMA and Packet Analysis.

1. NMAP
2. ARPSPOOF
3. WIRESHARK

And the two scripts below, which are compatible with Mozilla Firefox, will be used for Cookie Injection:

1. GREASEMONKEY
2. COOKIE INJECTOR

  • Techniques:   
1. First scan your network and find the target using NMAP, a Network Scanner. In this case I got 192.168.1.3 as the Target.



2. Next I need to start IP Forwarding, which enables my machine to forward any network traffic it receives from the target to the router.



3. Next Man-In-The-Middle-Attack (MIMA) is begun by exploiting ARP Cache Poisoning to intercept network traffic between the target and the router.

First, a malicious ARP reply is sent to the target, associating my MAC address with the router's IP (192.168.1.1).


Secondly, another malicious ARP reply is sent to the router, associating my MAC address with the target's IP (192.168.1.3).


4. Next I start packet capturing using WIRESHARK on my wlan0 interface and apply the display filter http.cookie contains datr. The printable text of the cookie string from the GET request is then copied.



5. The GREASEMONKEY and COOKIE INJECTOR scripts are then installed in my Firefox browser. After restarting the browser, the Facebook login page is opened and Alt+C is pressed to inject the cookie strings captured in Wireshark.



After reloading the page I am able to log in to the target's account!


  • Protection:
1. Browse Facebook on a secure connection (https) when possible. Make sure Secure Browsing option in Security Settings tab is enabled.



2. Arpwatch is a computer software tool for monitoring Address Resolution Protocol traffic on a computer network. Network administrators monitor ARP activity to detect ARP spoofing.

3. Capsa Network Analyzer (Packet Sniffer) is an easy-to-use Ethernet network analyzer (aka. packet sniffer or protocol analyzer) for network monitoring and troubleshooting purposes.
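The core check that Arpwatch performs, as an added example (not code from these posts or from the Arpwatch project): it replays constructed ARP replies written in the style of tcpdump -n output, using the router and target IPs from the two posts above and made-up MAC addresses, and flags both an IP whose MAC suddenly changes and a single MAC that ends up answering for the router and the target, which is exactly the footprint the ARP Cache Poisoning step in both posts leaves on the network.

```python
import re
from collections import defaultdict

# Constructed ARP replies in the style of "tcpdump -n" output. The IPs are the
# ones from the posts above; the MAC addresses are made up for this example.
SAMPLE_ARP_LINES = """\
12:00:01.000000 ARP, Reply 192.168.1.1 is-at aa:aa:aa:aa:aa:01, length 28
12:00:01.500000 ARP, Reply 192.168.1.3 is-at aa:aa:aa:aa:aa:03, length 28
12:00:02.000000 ARP, Reply 192.168.1.5 is-at aa:aa:aa:aa:aa:05, length 28
12:00:10.000000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:01, length 28
12:00:10.010000 ARP, Reply 192.168.1.3 is-at de:ad:be:ef:00:01, length 28
"""

ARP_REPLY_RE = re.compile(r"Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-fA-F:]{17})")


def parse_arp_replies(text):
    """Yield (ip, mac) for every ARP reply line; any other line is ignored."""
    for line in text.splitlines():
        m = ARP_REPLY_RE.search(line)
        if m:
            yield m.group(1), m.group(2).lower()


def detect_arp_spoofing(replies, gateway_ip):
    """Arpwatch-style check over a stream of (ip, mac) replies.

    Emits a "changed" alert when an IP is claimed by a different MAC than the
    one first seen for it, and a "mitm" alert when one MAC answers for the
    gateway and at least one other host at the same time.
    """
    known = {}                      # ip -> MAC first seen for that IP
    ips_by_mac = defaultdict(set)   # mac -> every IP it has claimed
    alerts = []
    for ip, mac in replies:
        ips_by_mac[mac].add(ip)
        old = known.setdefault(ip, mac)
        if old == mac:
            continue
        alerts.append({"type": "changed", "ip": ip, "old": old, "new": mac})
        known[ip] = mac             # track the latest binding, like arpwatch's flip-flop
        claimed = ips_by_mac[mac]
        if gateway_ip in claimed and len(claimed) > 1:
            alerts.append({"type": "mitm", "mac": mac, "ips": sorted(claimed)})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(parse_arp_replies(SAMPLE_ARP_LINES), "192.168.1.1"):
        print(alert)
```

On a real network the same logic can be fed from `tcpdump -n -i wlan0 arp`; Arpwatch additionally keeps the IP-to-MAC table on disk so a change is still noticed across restarts.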



Happy Hacking...Enjoy...

For educational purpose only...Do not misuse it...