1
00:00:00,120 --> 00:00:04,230
Hello, everyone, welcome to our new video on man-in-the-middle attacks.

2
00:00:05,760 --> 00:00:12,780
Today, we're going to see how to perform various man-in-the-middle attacks using bettercap.

3
00:00:14,670 --> 00:00:20,400
Bettercap can be installed easily using APT: apt install bettercap.

4
00:00:22,320 --> 00:00:23,610
Bettercap on Kali.

5
00:00:24,360 --> 00:00:28,200
You can also install it on macOS using brew install

6
00:00:28,200 --> 00:00:28,950
bettercap.

7
00:00:35,220 --> 00:00:37,710
I have a Windows 7 box here on the right.

8
00:00:38,280 --> 00:00:39,870
Let's check its IP address.

9
00:00:50,340 --> 00:00:55,710
I'm just checking the IP address to verify with you that it's the same IP address that we will get later

10
00:00:55,710 --> 00:00:57,420
from the bettercap results.

11
00:01:05,200 --> 00:01:10,630
All right, now let's find some addresses in our network by using the --no-spoofing option.

12
00:01:24,230 --> 00:01:25,450
I'm sorry about that.

13
00:01:25,510 --> 00:01:30,540
I just turned on the VPN, so it should be working.

14
00:01:30,670 --> 00:01:34,480
OK, so we have a lot of devices here.

15
00:01:34,530 --> 00:01:38,910
One of them is the .0.47, the Windows 7 here.

16
00:01:39,930 --> 00:01:42,120
You can also see the Bizimana.

17
00:01:45,190 --> 00:01:45,570
Right.

18
00:01:48,570 --> 00:01:56,140
We're using bettercap, and we haven't specified an interface; by default, it will use the default interface

19
00:01:56,140 --> 00:02:04,090
you have, but if we want, we can also choose the interface by using the -I option, like this.

20
00:02:11,770 --> 00:02:17,720
If we run bettercap without any arguments, it will attempt to spoof all hosts in the network.

21
00:02:18,520 --> 00:02:21,220
But in this lesson, we are not going to do this.
22
00:02:22,720 --> 00:02:30,280
So in order to specify a target, we will use the -T option, followed by the IP address

23
00:02:30,290 --> 00:02:32,980
we want to sniff or spoof.

24
00:02:34,930 --> 00:02:41,390
So 192.168.0.47.

25
00:02:41,860 --> 00:02:48,760
We can also use -G for the gateway, but we don't have to do this because by default, bettercap

26
00:02:48,760 --> 00:02:50,620
uses the default gateway.

27
00:02:53,620 --> 00:02:58,090
Now let's try and sniff HTTPS websites using SSL strip.

28
00:02:59,380 --> 00:03:08,440
The way SSL strip works, in short, is that it replaces all HTTPS URLs with HTTP ones without SSL,

29
00:03:09,670 --> 00:03:15,460
but it will do that only on the client side, and then it will communicate with the server using

30
00:03:15,580 --> 00:03:17,470
HTTPS for the same link.

31
00:03:17,470 --> 00:03:18,400
It has changed.

32
00:03:19,900 --> 00:03:26,530
So basically, it will try to downgrade HTTPS to HTTP and communicate

33
00:03:26,530 --> 00:03:28,390
with the server during that.

34
00:03:31,720 --> 00:03:38,500
This technique doesn't work on all websites because of something called HTTP Strict Transport Security,

35
00:03:38,620 --> 00:03:52,780
or in short, HSTS. HSTS is a security mechanism in modern browsers that doesn't allow HTTPS to downgrade to HTTP.

39
00:03:53,630 --> 00:03:56,680
I'm sorry, I mean downgrade to HTTP.

40
00:03:56,710 --> 00:04:01,090
It forces them to use HTTPS for better security.

41
00:04:02,380 --> 00:04:08,230
So if you are requesting a website on HTTP, it will force you to use HTTPS.

42
00:04:09,460 --> 00:04:13,420
So web browsers also have something called preload lists.

43
00:04:14,080 --> 00:04:19,110
The preload lists contain sites that must be accessed with HTTPS.
44
00:04:19,840 --> 00:04:26,590
So if you're lucky and attacking a website not in the list, then you'll be able to intercept the HTTPS

45
00:04:26,620 --> 00:04:27,190
connection.

46
00:04:28,600 --> 00:04:35,080
Websites like Google and Facebook are on the list already, so they're not going to work, so

47
00:04:35,260 --> 00:04:37,270
bettercap can bypass it.

48
00:04:37,460 --> 00:04:38,080
It just.

49
00:04:38,080 --> 00:04:42,560
Yes, by changing the URL you're visiting and adding something else to it.

50
00:04:42,880 --> 00:04:52,000
So, for instance, if we are visiting a website called www.bankofamerica.com,

51
00:04:54,070 --> 00:05:01,930
it will intercept your DNS request and add maybe something to it, like wwww, maybe one more w to

52
00:05:01,930 --> 00:05:12,740
the URL, and it will get the DNS name and the IP address and it will pass it to your web browser.

53
00:05:13,750 --> 00:05:19,750
This will make the web browser of the victim think that this is a new domain not listed in the preload

54
00:05:19,750 --> 00:05:22,900
list and hasn't been visited before.

55
00:05:25,000 --> 00:05:30,250
Therefore it will accept the HTTP connection without implementing SSL on it.

56
00:05:31,870 --> 00:05:34,040
Let's see how we do this using bettercap.

57
00:05:37,540 --> 00:05:44,390
I'm using here -T for our target and --proxy for our SSL strip to work.

58
00:05:45,700 --> 00:05:48,340
You can also specify a port for the proxy.

59
00:05:48,340 --> 00:05:51,730
So if we go here and check the help.

60
00:05:56,760 --> 00:05:58,800
And go to our proxy.

61
00:06:07,350 --> 00:06:14,130
Here, --proxy and --proxy-port, you can also specify that, but I just leave it at the default one, and we

62
00:06:14,130 --> 00:06:27,300
can also specify the -P, which is parsers; we can use POST or, like, FTP, HTTP, anything else we want.

63
00:06:27,660 --> 00:06:29,940
I'm going to just use POST here.
64
00:06:42,080 --> 00:06:43,360
All right, let's start.

65
00:06:48,070 --> 00:06:58,360
Now, on the Windows 7 machine, let's open Google, maybe visit a website like bankofamerica.com.

66
00:07:16,690 --> 00:07:22,150
All right, if we look here at the left side, let's see how it works.

67
00:07:26,920 --> 00:07:36,010
So here it's using SSL strip and it's changing all the URL addresses inside the Bank of America page itself,

68
00:07:36,010 --> 00:07:41,500
because Bank of America, of course, has a lot of URL addresses inside this web page.

69
00:07:42,640 --> 00:07:45,520
Now, let's try using a username and password.

70
00:07:45,580 --> 00:07:49,960
I'm just going to type "test" as the username here.

71
00:07:50,170 --> 00:07:52,450
Just post one, two, three.

72
00:07:58,870 --> 00:08:00,170
Well, we're getting something here.

73
00:08:00,470 --> 00:08:07,540
See, we got the "test"; of course, if you look here on the side, it says "Not secure", but a lot of users

74
00:08:07,540 --> 00:08:10,130
don't realize that; they don't even notice it.

75
00:08:10,960 --> 00:08:12,670
So here we got the passcode.

76
00:08:12,670 --> 00:08:16,920
We got the online, the password and the user.

77
00:08:17,560 --> 00:08:17,920
Right.

78
00:08:18,640 --> 00:08:25,150
So we were actually able to do SSL strip here because we were using HTTP.

79
00:08:25,150 --> 00:08:27,340
The website is not secure anymore.

80
00:08:27,940 --> 00:08:28,330
Right.

81
00:08:30,130 --> 00:08:30,760
All right.

82
00:08:30,770 --> 00:08:34,500
That was a quick demo on how to use SSL strip using bettercap.

83
00:08:34,930 --> 00:08:37,200
Thanks for watching and see you in the next video.