p22a_mitm-cain_ch12
TRANSCRIPT
-
8/18/2019 p22a_MITM-Cain_ch12
1/3
Project 22: HTTPS MITM with Cain 15 pts.
Purpose
Cain performs the whole Man-in-the-middle attack, includin creatin a spoofed diital certificate! It
easil" steals passwords and traffic off the wire, e#en in HTTPS sessions!
Installing Cain and Abel
$! %se "our &irtual 'indows (P
machine
2! )pen a 'e* *rowser! +o to
http://www.oxid.it/cain.html
! ownload Cain . /*el for
'indows (P, install it! It willalso install 'inPCap!
Sniffing for Targets
0! ou*le-click the Cain icon on
the desktop to launch Cain!
1! rom the top menu, clickConfigure!
3! In the 4Configuration Dialog5
*o6, on the Sniffer ta*, #erif"
that the interface with the IP
address that oes to the Internetis hihlihted!
7! In the 4Configuration Dialog5
*o6, on the /P8 ta*, click the
4se A!P !e"uest Pac#ets
$%ore &etwor# Traffic'5 radio *utton at the *ottom, as shown to
the riht on this pae! Click () !
9! In the upper left of the Cain window, click the 4Start/Stop Sniffer5 *utton the second *uttonfrom the left;, and the 4Start/Stop AP! 5 *utton third
from the left; so the" are *oth depressed, as shown to
the riht on this pae!
$>! In the 4Mac /ddress Scanner5 *o6, check the 4AllTests5 *o6! Click () ! 'ait while se#eral proress *ars mo#e across the screen!
$$! Click the AP! ta* at the *ottom! Click in the empt" upper riht hand ta*le! Click the * icon on
the tool*ar!
-
8/18/2019 p22a_MITM-Cain_ch12
2/3
Project 22: HTTPS MITM with Cain 15 pts.
Starting the A!P Poison !outing
$2! In the 4?ew /P8 poison 8outin5 *o6, click the atewa" IP in the left pane! Then click the
taret IP in the riht pane, as shown *elow on this pae! Click () !
$! 'ait >
seconds! @oushould see a
Status of
Poisoning, asshown to the
riht on this
pae! If "ou see
a status of AIdleA, tole
the the
4Start/Stop
Sniffer5 *utton
and the
4Start/Stop
AP! 5 *uttons,
lea#in them
*oth depressed!
-
8/18/2019 p22a_MITM-Cain_ch12
3/3
Project 22: HTTPS MITM with Cain 15 pts.
(pening +mail on the Target %achine
$0! )n the taret machine, open Internet B6plorer and o to +mail.com
$1! @ou should see connections appearin in the lower portion of the Cain window!
$3! Bnter a fake user name and password into the +mail loin screen and tr" to lo in! @ou should
see warnins a*out the securit" certificate! /ree to connect an"wa"!
$7! )n the *ottom of the Cain window, click the Passwords ta*! In the left pane, click the ,TTPitem to select it! @our +mail password should *e #isi*le, as shown *elow on this pae!
Sa-ing the Screen Image
$9! Click outside the #irtual machine to make its title *ar dim! Press the PrntScn ke" to cop" whole
screen to the clip*oard in the host 'indows (P machine! )pen Paint and paste in the imae!Sa#e it as a PB+, with the filename our &ame Pro 00!
Turning in 1our Proect
$
a su*ject line of Pro 00 5rom Your Name! Send a Cc to "ourself!
Dast modified $2->->9