Description: [fabuloes] BT5 : HTTP(S)-Man-In-The-Middle [No Sound]
[Short description below]
Quick and effective HTTP/HTTPS MITM-Attack from a BT5-Box using Burpsuite, arpspoof and NAT rules in iptables.
------------------------------------------------------------------
1st step:
- Enable IP-Forwarding and configure iptables to redirect incoming packets to local port 80 (via NAT)
2nd step:
- Spoof ARP-Replies to get MITM between Gateway and Victim (Win7)
3rd step:
- Enable Burpsuite to listen on local port 80 and 443 (for HTTPS-Sniffing, you have also to self-sign the certificates)
4th step:
- Run Burpsuite, intercept HTTP-Packets from Client as well as from the server and sniff/manipulate them
(With the right filters and the burpsuite API, cool things like manipulating facebook conversations can be done)
Tags: MITM , arpspoof , HTTP , burpsuite , NAT ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.