07 January 2019, 06:50 | #1 |
Registered User
Join Date: Dec 2015
Location: Germany
Posts: 163
|
HTTPS Downgrader - surf the web with your amiga again!
Hey there international Amiga community!
I made a little HowTo about degrading HTTPS connections to HTTP. Now you may ask why? Well thats pretty simple. Our old machines are not capable of encrypting SSL connections fast enough, so we can't really use the web anymore. Even downloading demos from pouet.net require SSL. So i did some investigation and experimenting and found this solution: We're gonna do a man in the middle attack and compromise all the traffic coming from the amiga, fetch the data, strip down all the SSL shit and forward it back to the amiga as plain HTML It is absolutely safe as we're under control of both the "attacker" and the "victim" machine. I will refer to them as client and proxy in this case. Don't panic! Outside connections are still encrypted and secure. Everything we change happens inside the firewall in our locale network. Let's go! Tutorial We need the following software: - Linux (f.e. Debian) - iptables - ettercap - sslstrip We also have to look up our device name of the network device. Use ifconfig. For my tutorial i will use "wlan0" Check your Client and routers IP adress. We'll need them too of course. I'll use these to explain Client 192.168.0.20 Router 192.168.0.1 1. Redirect port from the client At first, we have to tell our mitm-proxy to reroute incoming traffic at port 80 to the destination port 10000. Thats the port where SSLstrip is listening to by default. Open a console and type: Code:
sudo iptables -t nat -A PREROUTING -p TCP -s 192.168.0.20 --destination-port 80 -j REDIRECT --to-port 10000 2. Configure Man In The Middle Now we will use the mitm method to trick our Client and reroute its traffic to the mitm proxy machine. It will fetch the traffic, strip down the SSL stuff and forward it to the client as unsecured data. Code:
ettercap -Tq -M arp:remote -i wlan0 -S /192.168.0.20// /192.168.0.1// 3. run SSLStrip All we need to do now is to start SSLstrip Code:
sslstrip |
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
Thread Tools | |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
iBrowse and HTTPS sites? | stu232 | support.Apps | 4 | 23 November 2014 19:54 |
Amiga Web Directory | Solid Snake | Amiga scene | 1 | 26 January 2012 19:52 |
Surfing the Web with Amiga | W4r3DeV1L | support.Other | 21 | 15 April 2008 02:17 |
New Amiga Web Browser | Solid Snake | Amiga scene | 7 | 19 June 2006 15:04 |
|
|