8/18/2019 p22a_MITM-Cain_ch12

1/3

Project 22: HTTPS MITM with Cain 15 pts.

Purpose

Cain performs the whole Man-in-the-middle attack, includin creatin a spoofed diital certificate! It

easil" steals passwords and traffic off the wire, e#en in HTTPS sessions!

Installing Cain and Abel

$! %se "our &irtual 'indows (P

machine

2! )pen a 'e* *rowser! +o to

http://www.oxid.it/cain.html

! ownload Cain . /*el for 

'indows (P, install it! It willalso install 'inPCap!

Sniffing for Targets

0! ou*le-click the Cain icon on

the desktop to launch Cain!

1! rom the top menu, clickConfigure!

3! In the 4Configuration Dialog5

 *o6, on the Sniffer ta*, #erif"

that the interface with the IP

address that oes to the Internetis hihlihted!

7! In the 4Configuration Dialog5

 *o6, on the /P8 ta*, click the

4se A!P !e"uest Pac#ets

$%ore &etwor# Traffic'5 radio *utton at the *ottom, as shown to

the riht on this pae! Click () !

9! In the upper left of the Cain window, click the 4Start/Stop Sniffer5 *utton the second *uttonfrom the left;, and the 4Start/Stop AP! 5 *utton third

from the left; so the" are *oth depressed, as shown to

the riht on this pae!

$>! In the 4Mac /ddress Scanner5 *o6, check the 4AllTests5 *o6! Click () ! 'ait while se#eral proress *ars mo#e across the screen!

$$! Click the AP!  ta* at the *ottom! Click in the empt" upper riht hand ta*le! Click the * icon on

the tool*ar!

8/18/2019 p22a_MITM-Cain_ch12

2/3

Project 22: HTTPS MITM with Cain 15 pts.

Starting the A!P Poison !outing

$2! In the 4?ew /P8 poison 8outin5 *o6, click the atewa" IP in the left pane! Then click the

taret IP in the riht pane, as shown *elow on this pae! Click () !

$! 'ait >

seconds! @oushould see a

Status of

Poisoning, asshown to the

riht on this

 pae! If "ou see

a status of AIdleA, tole

the the

4Start/Stop

Sniffer5 *utton

and the

4Start/Stop

AP! 5 *uttons,

lea#in them

 *oth depressed!

8/18/2019 p22a_MITM-Cain_ch12

3/3

Project 22: HTTPS MITM with Cain 15 pts.

(pening +mail on the Target %achine

$0! )n the taret machine, open Internet B6plorer and o to +mail.com

$1! @ou should see connections appearin in the lower portion of the Cain window!

$3! Bnter a fake user name and password into the +mail loin screen and tr" to lo in! @ou should

see warnins a*out the securit" certificate! /ree to connect an"wa"!

$7! )n the *ottom of the Cain window, click the Passwords ta*! In the left pane, click the ,TTPitem to select it! @our +mail password should *e #isi*le, as shown *elow on this pae!

Sa-ing the Screen Image

$9! Click outside the #irtual machine to make its title *ar dim! Press the PrntScn ke" to cop" whole

screen to the clip*oard in the host 'indows (P machine! )pen Paint and paste in the imae!Sa#e it as a PB+, with the filename our &ame Pro 00!

Turning in 1our Proect

$

a su*ject line of Pro 00 5rom Your Name! Send a Cc to "ourself!

Dast modified $2->->9