From the course: Ethical Hacking: Session Hijacking
Stripping SSL to downgrade the session - Linux Tutorial
- [Voiceover] One of the weaknesses of a man-in-the-middle attack is that it requires the attacker to use a fake certificate with their public key. Some sites may detect this, and warn that the certificate is invalid. SSL stripping is an attack which is used in the key exchange protocol, and is used to downgrade security for the connection without interfering with the certificate exchange. This is also known as an HTTP downgrade attack.

Let's look at what happens when an attacker downgrades the connection. Again, this starts with a man-in-the-middle. The client enters the server URL to connect to, for example, their online banking system. The communications path is being subverted to send that message to the attacker. The attacker takes this message, and sends it on to the server. The server thinks this comes from the real client. The server responds to the attacker with an internet banking login page using HTTPS. The attacker modifies that response, changing it to HTTP, and sends it…
Contents
- Understanding web sessions (4m 8s)
- Understanding WebSockets (2m 41s)
- Banking on Zero (1m 10s)
- Hijacking sessions using man-in-the-browser (4m 32s)
- Intercepting sessions through man-in-the-middle (4m 17s)
- Stripping SSL to downgrade the session (1m 54s)
- Hijacking an HTTP session through cookies (3m 20s)
- Using Subterfuge to hijack sessions through ARP poisoning (7m 8s)
- Using Webscarab-NG as a web proxy (3m 14s)
- Defeating the Hijack (3m 6s)