Bypassing HTTPS

In the previous section, we learned about how to intercept and capture packets sent over HTTP requests. However, many popular websites such as Google and Facebook use HTTPS, which provides added security by encrypting data being transmitted. If we attempt a man-in-the-middle (MITM) attack on a user accessing an HTTPS site, the user’s browser will likely display a warning message indicating that the website’s certificate is invalid, which would make the user wary of logging in. To circumvent this, we can use a tool called SSLstrip, which downgrades HTTPS requests to HTTP, redirecting the user to the HTTP version of the website they are attempting to access. This enables us to intercept the user’s traffic and capture sensitive information.

We can observe in the screenshot that hotmail.com is accessed using HTTPS. Therefore, if we attempt a MITM attack, the browser will show a certificate warning in the address bar.

[Screenshot: bypassing-https]

In order to circumvent the warning, we will utilize a software tool called SSLstrip, which can be used to downgrade any request made to the HTTPS website and redirect it to the HTTP version of the same site. After accessing the HTTP version, capturing the data through sniffing will be simple, similar to the method employed in the previous section. This strategy will allow us to intercept the information without encountering any alerts or obstacles.

While MITMf automatically initiates SSLstrip for us, it is also possible to manually run the tool. The same command that was demonstrated in the previous section can be utilized, as illustrated in the accompanying screenshot.

[Screenshot: bypassing-https2]

As depicted in the screenshot, a confirmation message will appear to indicate that SSLstrip has been successfully initiated and is now running. Subsequently, we will switch back to the Windows device and access hotmail.com, but instead of the HTTPS version, we will navigate to the HTTP version of the website. This action is presented in the following screenshot.

[Screenshot: bypassing-https3]

In the aforementioned screenshot, it is apparent that the website is being accessed through the HTTP version, with no indication of HTTPS. Furthermore, it is noteworthy that no warning message was displayed, resulting in the website appearing to be a standard, non-encrypted version of hotmail.com.

After accessing the non-encrypted hotmail.com and entering the login credentials, we will navigate back to the Kali machine and observe that the email address and the corresponding password have been successfully captured.

Popular websites such as Google, Facebook, and Skype utilize a security feature known as HSTS (HTTP Strict Transport Security), whereby the browser keeps a list of sites that must only be accessed via HTTPS; for these sites the list is pre-programmed into the browser, and other sites are added to it the first time the browser receives their Strict-Transport-Security response header over HTTPS. Because that list is stored locally on the device, the browser rewrites any plain HTTP request for a listed site to HTTPS before it is sent, so an attempt to downgrade the connection to HTTP will be unsuccessful and the website will always be presented in HTTPS format.
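The following added example (not code from the tutorial) models the browser-side HSTS behaviour described above: a small store that learns hosts from a Strict-Transport-Security header, honours includeSubDomains, max-age expiry and max-age=0 removal, and rewrites plain http:// URLs for known hosts to https:// before a request would leave the browser. The preloaded host set and the header values are constructed samples, and explicit ports in URLs are not handled.

```python
# Added example: a minimal model of a browser's HSTS store and how it defeats
# an HTTP downgrade. Hosts and header values below are constructed samples.
import re
import time
from urllib.parse import urlsplit, urlunsplit

# Stand-in for the browser's built-in preload list (constructed sample).
PRELOADED = {"google.com", "facebook.com", "skype.com"}


class HstsStore:
    def __init__(self, preload=PRELOADED, now=time.time):
        self.now = now
        # host -> (expiry timestamp, include_subdomains); preloaded never expire
        self.entries = {h: (float("inf"), True) for h in preload}

    def observe_header(self, host, header):
        """Record a Strict-Transport-Security header received over HTTPS.
        Returns False when the header is invalid (no max-age directive)."""
        m = re.search(r"max-age\s*=\s*(\d+)", header, re.I)
        if m is None:
            return False
        max_age = int(m.group(1))
        host = host.lower()
        if max_age == 0:
            self.entries.pop(host, None)  # max-age=0 tells the browser to forget
            return True
        include_sub = re.search(r"\bincludeSubDomains\b", header, re.I) is not None
        self.entries[host, ] if False else None
        self.entries[host] = (self.now() + max_age, include_sub)
        return True

    def is_known(self, host):
        """True if host (or a parent with includeSubDomains) has a live entry."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.entries.get(".".join(labels[i:]))
            if entry is None or entry[0] < self.now():
                continue  # unknown or expired
            if i == 0 or entry[1]:  # exact host, or parent covering subdomains
                return True
        return False

    def upgrade(self, url):
        """Return the URL the browser would actually request."""
        p = urlsplit(url)
        if p.scheme == "http" and self.is_known(p.hostname or ""):
            return urlunsplit(("https", p.netloc, p.path, p.query, p.fragment))
        return url  # not covered by HSTS: the downgraded request goes out as-is
```

A site that never sent the header and is not preloaded, as hotmail.com appears in the screenshots above, stays unprotected, which is exactly the gap SSLstrip relies on.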
