Two techniques have been added to the program's functionality: SSL MiTM and SSL Strip.
The first is the old classic technique of certificate substitution. It allows interception of data from any protocol that is protected with SSL. HTTPS, POP3S, SMTPS and IMAPS are supported as standard. Optionally, any additional port can be specified.
When intercepting HTTPS, certificates are generated on the fly, copying the original information from the requested resource. In all other cases a static certificate is used.
Naturally, when this functionality is used, warnings from the browser and other client software are inevitable.
SSL Strip is a “silent” technique for intercepting HTTPS connections. For a long time a working version existed only under Unix; now similar actions can be carried out in the NT environment.
The point is this: the attacker is “in the middle”, HTTP traffic is analyzed, and all https:// links are detected and replaced with http://.
Thus the client continues to communicate with the server in unprotected mode. All requests for the replaced links are monitored, and data from the original https sources is delivered in response.
Because no certificates are replaced, there are no warnings. To simulate a secure connection, the favicon is replaced.
One logical condition for successful interception is that the URL must be entered without specifying the https prefix.
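
An added example, not part of the program or of these release notes: a defender can spot the link rewriting described above by comparing a copy of a page fetched over a trusted path with the copy a client actually received. The function names, the sample HTML and the example.test hosts are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Absolute http(s) URLs found in href/src/action attributes.
URL_ATTR = re.compile(
    r'''\b(?:href|src|action)\s*=\s*["'](https?://[^"'\s>]+)["']''', re.IGNORECASE)

def extract_links(html):
    """Return {(scheme, host, path_and_query)} for every absolute link."""
    links = set()
    for match in URL_ATTR.finditer(html):
        url = urlsplit(match.group(1))
        rest = (url.path or "/") + ("?" + url.query if url.query else "")
        links.add((url.scheme.lower(), url.hostname or "", rest))
    return links

def find_downgraded_links(reference_html, observed_html):
    """List host+path of links that are https in the reference copy but
    appear only as http in the copy the client received."""
    observed = extract_links(observed_html)
    downgraded = []
    for scheme, host, rest in sorted(extract_links(reference_html)):
        if scheme != "https":
            continue  # never protected, so there is nothing to downgrade
        if ("https", host, rest) not in observed and ("http", host, rest) in observed:
            downgraded.append(host + rest)
    return downgraded

# Constructed sample: the page as served by the origin over a trusted path.
REFERENCE_HTML = """<html><body>
<a href="https://shop.example.test/login">Sign in</a>
<form action="https://shop.example.test/checkout?step=1" method="post"></form>
<img src="http://static.example.test/logo.png">
<a href="https://shop.example.test/help">Help</a>
</body></html>"""

# Constructed sample: the same page as seen by a client on a suspect network.
OBSERVED_HTML = """<html><body>
<a href="http://shop.example.test/login">Sign in</a>
<form action="http://shop.example.test/checkout?step=1" method="post"></form>
<img src="http://static.example.test/logo.png">
<a href="https://shop.example.test/help">Help</a>
</body></html>"""

if __name__ == "__main__":
    for link in find_downgraded_links(REFERENCE_HTML, OBSERVED_HTML):
        print("downgraded to http:", link)
```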