MITM - bypassing HTTPS
Most websites use https in their login pages, this means that these pages are validated using an SSL certificate and there for will show a warning to the user that the certificate is invalid.
SSLstrip is a tool that canbe used to downgrade HTTPS requests to HTTP allowing us to sniff passwords without displaying a warning to the user.
Luckily MITMf starts SSLstrip for us automatically.
Start the MITMf tool, and the SSLstrip runs the same time.
python2 mitmf.py --arp --spoof --gateway 10.0.0.1 --target 10.0.0.22 -i eth0
Browse the www.baidu.com on the victim win10 os.
Please note that , the URL becomes to http://www.baidu.com by default.
You can find the username and password in the MITMf terminal.
相信未来 - 该面对的绝不逃避,该执著的永不怨悔,该舍弃的不再留念,该珍惜的好好把握。
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
