I understand as per this post the theoretical possibility of an attacker manipulating non-SSL forms in transit to a victim; can anyone articulate how this manipulation might take place IRL? A step by step example including required toolset would be ideal.
Yes, it's possible to carry out a MITM against SSL posting. Here is how it works.
First you need to carry out an ARP poisoning attack against the target (victim) machine and make sure the traffic from that target machine goes through yours. Some time back I blogged about this here. You can use dsniff for this.
Configure sslstrip on your machine. I also blogged about this some time back.
What sslstrip does is remove all "https" and replace them with "http", so the communication between the target machine and you is in clear text and you can see anything from the target machine.
sslstrip creates an SSL connection with the end server.
Thanks...
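As an added defender-side example, not part of the original answer: a small check of what the victim's browser actually receives after the downgrade the answer describes. It flags forms that would be submitted over plain HTTP and reports whether the server sent a Strict-Transport-Security header (HSTS), which makes a browser refuse the http:// rewrite on later visits. The URL, HTML and headers are constructed samples.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormActionCollector(HTMLParser):
    """Collects the action attribute of every <form> in a page."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "form":
            # attrs is a list of (name, value); value is None for bare attributes
            self.actions.append(dict(attrs).get("action") or "")


def insecure_form_targets(page_url, html):
    """Return absolute URLs of form targets that would be posted over plain HTTP.

    A relative action inherits the page's scheme, so on a page that was stripped
    down to http:// the login form posts in clear text even if the action is '/login'.
    """
    parser = _FormActionCollector()
    parser.feed(html)
    insecure = []
    for action in parser.actions:
        target = urljoin(page_url, action)
        if urlsplit(target).scheme.lower() != "https":
            insecure.append(target)
    return insecure


def hsts_max_age(headers):
    """Return max-age (seconds) from Strict-Transport-Security, or None if absent."""
    for name, value in headers.items():
        if name.lower() == "strict-transport-security":
            for directive in value.split(";"):
                key, _, val = directive.strip().partition("=")
                if key.lower() == "max-age" and val.strip('"').isdigit():
                    return int(val.strip('"'))
    return None


# Constructed sample: a login page as the victim's browser receives it after the downgrade.
SAMPLE_URL = "http://bank.example/login"
SAMPLE_HTML = '<form action="/login" method="post"></form><form action="https://bank.example/search"></form>'
SAMPLE_HEADERS = {"Content-Type": "text/html"}  # no HSTS header at all

if __name__ == "__main__":
    print(insecure_form_targets(SAMPLE_URL, SAMPLE_HTML))
    print(hsts_max_age(SAMPLE_HEADERS))
```

On the server side the mitigation is the same check in reverse: serve every page over HTTPS with an HSTS header so the browser never follows an http:// rewrite.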