Why HTTP is bad | why HTTPS is important

Hashir Muhammadh
Aug 22, 2022


How hackers steal passwords from HTTP websites (Demo)

Note: This is for educational purposes only. No matter which country you are in, it is illegal. Don’t try to steal other people’s credentials and sensitive data. If you suffer from this kind of problem, I am not the responsible person.

What is HTTP?

HTTP (Hypertext Transfer Protocol) is the set of rules for transferring files such as text, images, sound, video and other multimedia files over the web. As soon as a user opens their web browser, they are indirectly using HTTP. HTTP is an application protocol that runs on top of the TCP/IP suite of protocols, which forms the foundation of the internet. The latest version of HTTP is HTTP/2, which was published in May 2015. It is an alternative to its predecessor, HTTP 1.1, but does not make it obsolete.

What is Address Resolution Protocol (ARP)?

Address Resolution Protocol (ARP) is a procedure for mapping a dynamic IP address to a permanent physical machine address in a local area network (LAN). The physical machine address is also known as a media access control (MAC) address.

The job of ARP is essentially to translate 32-bit addresses to 48-bit addresses and vice versa. This is necessary because IP addresses in IP version 4 (IPv4) are 32 bits, but MAC addresses are 48 bits.

ARP works between Layers 2 and 3 of the Open Systems Interconnection model (OSI model). The MAC address exists on Layer 2 of the OSI model, the data link layer. The IP address exists on Layer 3, the network layer.

ARP can also be used for IP over other LAN technologies, such as token ring, fiber distributed data interface (FDDI) and IP over ATM.

How ARP works

ARP broadcasts a request packet to all the machines on the LAN and asks if any of the machines are using that particular IP address. When a machine recognizes the IP address as its own, it sends a reply so ARP can update the cache for future reference and proceed with the communication.

You can read more about ARP… in another article written by me.

What is a man-in-the-middle (MiTM) attack?

A man-in-the-middle (MiTM) attack is a type of cyber attack in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other. The attack is a type of eavesdropping in which the attacker intercepts and then controls the entire conversation.

MiTM cyber attacks pose a serious threat to online security because they give the attacker the ability to capture and manipulate sensitive personal information such as login credentials, account details or credit card numbers in real time.

You can read more about MiTM… in another article written by me.

How hackers steal passwords from HTTP websites?

Now we get into the topic of how the hacker is going to steal our credentials. We will look at it with a real-world scenario.

When we go to some website, our machine broadcasts an ARP request packet to all the machines on the LAN and asks if any of the machines is using that particular IP address. When a machine recognizes the IP address as its own, it sends a reply so ARP can update the cache for future reference and proceed with the communication.

Cybercriminals insert themselves in the middle of data transactions or online communication. Through the distribution of malware, the attacker gains easy access to the user’s web browser and the data it sends and receives during transactions.

What happens here is that you are forwarding your traffic to the attacker; the attacker reads the traffic and then lets it go on to the real destination. The attacker in the middle is reading all of this, which is why we call it a “Man in the Middle” attack.

1. Device A asks who has IP 1.1.2.2 and broadcasts the message to all the devices; Device B has that particular IP.
2. Device B builds the response: “I have it”.
3. Device B sends that response to Device A. Now Device A knows who 1.1.2.2 is and they can communicate.
4. The attacker manipulates the IP address mapping.

Let’s do a real-world demo:

I am going to use Ettercap, which is basically a suite for man-in-the-middle attacks on a LAN. It supports active and passive dissection of many protocols and includes many features for network and host analysis. It is capable of intercepting traffic on a network segment, capturing passwords, and conducting active eavesdropping against a number of common protocols.

For testing purposes you can use a virtual machine as the other machine. Here I use VMware with Ubuntu installed.

01. I open my Linux terminal (VM) and type one of the commands below to install Ettercap.

sudo apt install ettercap-graphical
or
sudo apt install ettercap-text-only

02. Usually traffic comes to the computer and the computer only processes it. So we have to forward the traffic; to do that, traffic forwarding must be enabled.

03. Find the victim’s IP address.

I don’t know the victim’s IP, so can I attack?

Yes, you can, but you have to find the IP address. If you don’t know the IP address, you can attack the entire network.

04. Find the ARP cache

05. Attack the victim machine

Open Ettercap on the attacker machine.
[Figure: Ettercap after start]
To see the host list: scan for hosts; this is the victim’s PC.

Add to Target 1 → as attacker

Add to Target 2 → as Victim

Now I am going to show you how a real ARP negotiation works. To do that I am going to use the tool Wireshark, which captures all the traffic in this network.

01. Installing Wireshark

Run Wireshark → $ wireshark

[Figure: Wireshark capturing all the traffic on the network; these are the ARP traffics | negotiations]

So now we are going to start ARP poisoning.

[Figure: ARP poisoning in Ettercap]
After the ARP poisoning you can see there are a bunch of messages going out.

According to this capture, 192.168.179.2 is the victim, but here the attacker is acting as the victim and gives their own MAC address to the victim.

This is the other way around: here the sender IP is the gateway, telling my victim “this is my MAC address”.

What the attacker actually does is take the victim’s IP and act as if the message originates from the victim’s machine, handing out the attacker’s MAC address. The other way around, the attacker acts as if sending a message from the gateway to the target victim. The victim then uses the attacker’s MAC address to communicate.

[Figure: The victim machine (CMD) using the attacker’s MAC address]

In the victim’s ARP cache the real MAC is replaced with the attacker’s MAC. Whenever the victim goes to the internet, the victim sends the message to the attacker, and the attacker forwards it to the destination. That is MiTM.
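As an added example (not part of the original post), here is a small detector for the symptom just described: an IP whose MAC suddenly changes mid-capture, or one MAC answering for several IPs. It runs over constructed Wireshark-style ARP Info lines modelled on the capture above; the gateway address 192.168.179.1 and all MAC addresses are assumptions, and only 192.168.179.2 (the victim) comes from the post.

```python
import re

# Wireshark shows an ARP reply in its Info column as "<ip> is at <mac>";
# ARP requests ("Who has ...? Tell ...") carry no mapping and are skipped.
REPLY_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+) is at ([0-9a-fA-F:]{17})$")

# Constructed sample, modelled on the post's capture: 192.168.179.2 is the
# victim (from the post); the gateway 192.168.179.1 and all MACs are assumed.
SAMPLE_INFO = """\
Who has 192.168.179.1? Tell 192.168.179.2
192.168.179.1 is at 00:50:56:aa:aa:01
Who has 192.168.179.2? Tell 192.168.179.1
192.168.179.2 is at 00:0c:29:bb:bb:02
192.168.179.1 is at 00:0c:29:cc:cc:03
192.168.179.2 is at 00:0c:29:cc:cc:03
""".splitlines()


def parse_wireshark_info(lines):
    """Return (sender_ip, sender_mac) for every ARP reply line."""
    replies = []
    for line in lines:
        m = REPLY_RE.match(line.strip())
        if m:
            replies.append((m.group(1), m.group(2).lower()))
    return replies


def detect_arp_poisoning(replies):
    """Flag an IP whose MAC changes, and one MAC that answers for several
    IPs (the attacker claiming both the gateway and the victim)."""
    ip_to_mac, mac_to_ips, alerts = {}, {}, []
    for ip, mac in replies:
        prev = ip_to_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append(("mac-changed", ip, prev, mac))
        ip_to_mac[ip] = mac
        claimed = mac_to_ips.setdefault(mac, set())
        claimed.add(ip)
        if len(claimed) > 1:
            alerts.append(("mac-claims-many", mac, tuple(sorted(claimed))))
    return alerts


def analyse(lines):
    return detect_arp_poisoning(parse_wireshark_info(lines))


if __name__ == "__main__":
    for alert in analyse(SAMPLE_INFO):
        print(*alert)
```

The same check can be run on the victim side by comparing successive `arp -a` outputs, where the only change to watch for is the gateway entry switching to a new MAC.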

[Figure: Filtering POST traffic]
For testing, just type a username and password and log in.
Here you can capture the victim’s username and password in the POST request.

Why not HTTP?

  • you can be a victim of a man-in-the-middle attack
  • you can be a victim of someone logging your data at the routers
  • you can be a victim of someone logging your data anywhere between you and your destination

To protect our sensitive information from this issue, use HTTPS!!!!
