Sniffing HTTPS in LAN using ARP Poisoning
Adithyan AK Balaji S
HTTP, HTTPS & HSTS
• Hyper Text Transfer Protocol (HTTP)
• Hyper Text Transfer Protocol Secured (HTTPS)
• HTTPS Strict Transport Security (HSTS)
HTTP Unencrypted Username Passwords
HTTPS Ecnrypted Traffic
Breaking HTTPS
• SSL Strip & Bettercap
• Attacker acts as proxy between Victim and server.
• Breaking HSTS
• What if we can sniff ?
Sniffing HTTPS Data
• Convert the attacker machine into a router.
• Enable IP forward to intercept the network traffic.
Hooking up the Target
• Scan for hosts in the network.
• Identify the target with MAC / Social Engineering / HTTP Data
ARP Poisoning
• Send n number of ARP Request
• Link Attacker’s MAC with Victim’s IP
• Ettercap, ARPspoof, MITMf.
Configuring Proxy Listeners on LAN
• Setup proxy listener on PORT 80 & 443
• Burp suite, ZAP, BeeF XSS Framework.
Sniffing HTTPS