How to Perform MITM Attack using Burpsuite to Intercept SSL Credentials

Burp Suite is undeniably one of the best web application penetration testing tools available today. The tool is written in Java and comes with various extensions for detecting, testing and confirming various vulnerabilities. Most of these extensions are built as JAR files or written in Python or Jython.

What’s an MITM Attack:

A Man-in-the-Middle (MITM) attack is carried out by an intruder in the network whose purpose is to eavesdrop on or impersonate other communication over the network. An MITM attack can be explained in detail with the following image:

MITM Attack

In the example above, Peter is the man who performs the MITM attack. Peter intercepts the network traffic and manipulates the data for his personal gain. Network traffic can be intercepted in many ways. A few common methods are listed below:

  • ARP Spoofing – Address Resolution Protocol (ARP) spoofing links the attacker’s MAC address with the victim’s IP address through fake ARP messages. Traffic is forwarded on to the application, and the victim’s data is transmitted to the attacker, who has impersonated the victim’s IP.
  • IP Spoofing – the attacker impersonates the IP address of either the victim or the application. If he impersonates the victim’s IP, he can obtain the victim’s data by making a forged request to the application with the victim’s spoofed IP address, and vice versa.
  • DNS Spoofing – an illegitimate DNS entry is injected into the DNS cache, causing the name server to return an incorrect result.
  • SSL Stripping – an attacker downgrades the victim’s HTTPS browsing to HTTP.
  • SSL Beast
  • SSL Hijacking
  • HTTPS spoofing

How to Perform MITM Attack using Burpsuite to Intercept SSL passwords:

In order to intercept SSL credentials using Burp Suite, we must perform ARP poisoning in our network using Ettercap. In general, ARP poisoning is an attack that spoofs ARP messages flowing through the network, enabling the attacker to intercept the passing data. To enable routing, open a terminal and type

echo 1 > /proc/sys/net/ipv4/ip_forward

To start the ARP poisoning attack over your LAN, type

ettercap -i wlan0 -T -q -M ARP ///192.168.1.1///

Alright, the ARP poisoning part is done, which allows us to intercept the network data. Now, let’s configure Burp Suite. In Burp, under Proxy > Options > Proxy Listeners, click the “Add” button and bind to port 443. Make sure that the “invisible” box is checked.

Now everything is almost set. All we have to do now is run the DNS spoofing attack over our network. To start DNS spoofing on your interface, type

dnsspoof -i wlan0

After setting up the DNS spoof, go back to Burp Suite and turn on “Intercepting”.

Boom! That’s it. All the HTTP and HTTPS requests made by the victim can be intercepted through Burp Suite. All we have to do now is sit back and wait for the victim to make his own dumb move. Whenever he makes a POST or GET request, his request will be captured and displayed in Burp Suite.

To download Burpsuite for Windows, follow the link: http://gestyy.com/wPcYEF
