Hijacking SSL

SSL has been in centerstage of researches as well as attacks for quite long time. Last year in a conference in Germany researchers showed how to generate duplicate certificates exploiting MD5 hashing to break SSL. Later in Black Hat, Maxie showed how to exploit a field in SSL certificates to sign an own forged certificate to present it to the client. The main feature of this attack was that the client will never get any warning dialog box by the browser and subsequently the hacker doing an MITM can see the conversation between the client and server. The client will even get a PADLOCK sign to be assured that all things are going via encryption, but in reality it's not. Maxie released a tool SSLStrip to carry out these attacks.
The tool has been used by many researchers around the world to carry out the attacks. They all used Unix machines as many open source utilities makes it easier to run the tool on it.
My attempt was to run the tool on a Windows machine. It has been never easy to do that. It took considerable amount of time to find Windows equivalents of the Unix commands and utilities.
But finally I did it.
Here is an white paper to help you understand. Would love to have comments from you.

It can be downloaded here:


Anonymous said…
Hi Nilesh!
I read your whitepaper and i have created a lab using your paper.
The command line for java tool apparently it works, but the sslstrip tool dont capture nothing.
The same lab in environment linux works fine with IPTABLES, but dont work in a Windows environment.
Have you any idea?
operat0r said…

I am trying to create portable sslstrip for windows so far I got it running and arp is working but I get no output from java or sslstrip ? rmccurdy1 ATATATATAT yahoo or rmccurdy_co m

* doubled check the registry setting ( reboot )
* arp is working I can see the traffic
* if I hit http://localhost sslstrip goes ape so I know that part is working

so its like its not going from the target to the port fwd. Is there something in windows I am missing besides the reg key ? have firewall enabled or disabled or something I am missing ? I have tried it on two differnt boxes one was clean build etc.

feel free to call me let me know a time and timezone to call you back and I can have you remote into test mashine here if you like ;)
Anonymous said…
I try your process to setup SSstrip on windows and i uncounter some problem at the step2. The java command does pass and i get the following output:
C:\Users\azea> java -classpath commons-logging.jar;portforward.jar org.enterpris
epower.net.portforward.Forwarder 80 localhost:10000
Exception in thread "main" java.lang.NoClassDefFoundError: org/enterprisepower/n
Caused by: java.lang.ClassNotFoundException: org.enterprisepower.net.portforward
.Forwarder at java.net.URLClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source)
Could not find the main class: org.enterprisepower.net.portforward.Forwarder. Program will exit.
Please can you help me debugging that.
thank in advance.

Anonymous said…
Hello. I am having the same difficulties. Exception in thread "main" java.lang.NoClassDefFoundError: org/enterprisepower/net/portforward/Forwarder
I would like to know if anyone was able to find the issue.

Popular posts from this blog

SQL Injection in search field

File Upload through Null Byte Injection