English Amiga Board


Go Back   English Amiga Board > Support > support.Apps

 
 
Thread Tools
Old 07 January 2019, 07:50   #1
Cego
Registered User

Cego's Avatar
 
Join Date: Dec 2015
Location: Germany
Posts: 93
HTTPS Downgrader - surf the web with your amiga again!

Hey there international Amiga community!

I made a little HowTo about degrading HTTPS connections to HTTP. Now you may ask why? Well thats pretty simple. Our old machines are not capable of encrypting SSL connections fast enough, so we can't really use the web anymore. Even downloading demos from pouet.net require SSL.
So i did some investigation and experimenting and found this solution: We're gonna do a man in the middle attack and compromise all the traffic coming from the amiga, fetch the data, strip down all the SSL shit and forward it back to the amiga as plain HTML

It is absolutely safe as we're under control of both the "attacker" and the "victim" machine.
I will refer to them as client and proxy in this case.
Don't panic! Outside connections are still encrypted and secure. Everything we change happens inside the firewall in our locale network.

Let's go!



Tutorial


We need the following software:

- Linux (f.e. Debian)
- iptables
- ettercap
- sslstrip

We also have to look up our device name of the network device. Use ifconfig. For my tutorial i will use "wlan0"
Check your Client and routers IP adress. We'll need them too of course.

I'll use these to explain

Client 192.168.0.20
Router 192.168.0.1


1. Redirect port from the client


At first, we have to tell our mitm-proxy to reroute incoming traffic at port 80 to the destination port 10000. Thats the port where SSLstrip is listening to by default.

Open a console and type:
Code:
sudo iptables -t nat -A PREROUTING -p TCP -s 192.168.0.20 --destination-port 80 -j REDIRECT --to-port 10000

2. Configure Man In The Middle


Now we will use the mitm method to trick our Client and reroute its traffic to the mitm proxy machine.
It will fetch the traffic, strip down the SSL stuff and forward it to the client as unsecured data.


Code:
ettercap -Tq -M arp:remote -i wlan0 -S /192.168.0.20// /192.168.0.1//

3. run SSLStrip


All we need to do now is to start SSLstrip
Code:
sslstrip
Now just run IBrowse and open a website like youtube. You'll see that it will load as a http:// page.
Cego is offline  
 


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Similar Threads
Thread Thread Starter Forum Replies Last Post
https://www.imageupload.co.uk/ DamienD OT - General 31 22 September 2019 15:44
iBrowse and HTTPS sites? stu232 support.Apps 4 23 November 2014 20:54
Amiga Web Directory Solid Snake Amiga scene 1 26 January 2012 20:52
Surfing the Web with Amiga D4Ni3L3 support.Other 21 15 April 2008 03:17
New Amiga Web Browser Solid Snake Amiga scene 7 19 June 2006 16:04

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 02:21.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2019, vBulletin Solutions Inc.
Page generated in 0.06970 seconds with 13 queries