Hak5Darren asked:

This time on the show Darren’s having a little man-in-the-middle fun with a demonstration of SSLStrip, an epic tool for removing that pesky encryption from your victim’s browsing session. Plus Laser Cat Modding. Moxie Marlinspike’s SSLStrip, released at Blackhat/DEFCON this year, is a tool that transparently hijacks HTTP traffic and redirects HTTPS links to look-alike HTTP links. While this description barely scratches the surface, Darren’s segment takes a closer look, including a practical demonstration of a man-in-the-middle attack using arpspoof and a little luck with remote-exploit’s BackTrack 4 penetration testing distribution.

25 Responses to Hak5 – Man in the Middle Hacking Fun with SSL Strip

  1. reubenthorpe1992 says:

    @theoriginalfatdonkey fuck you i love it when they talkz

  2. TheRemixedPancake says:

    @acdcgreatestbandever Well it’s not really a downside. It isn’t that hard to connect to protected wifi, because you can crack WPA and WEP passwords. Also a Man-in-the-Middle attack would be smarter by manually sniffing out the info rather than a Trojan, because most people are smart enough to have an antivirus, so it would be detected easily.

  3. krazednconfused says:

    i couldn’t help but notice your shirt.

    i happen to like LDAP! but, you know. openldap’s implementation.

  4. icemanbx says:

    Holy fuck, SKIP ALL THAT BULLSHIT AT THE START. Like, the first 7 minutes. Thanks.

  5. MrJosiahT says:

    @IAMGraphicDesign It’s an EEEPC.

  6. KodessR says:

    RIP Matt 🙁 (not dead, but you know, no more hak5)

  7. mynamearekid says:

    @pulseforce I

  8. IAMGraphicDesign says:

    what type of netbook does darren have at 9:10?

  9. madichelp0 says:

    Darren is a pretty cool guy. He has drinks in his hair and doesn’t afraid of anything.

  10. acdcgreatestbandever says:

    The downside of all of this is that you need to be connected to the network in order to intercept traffic on the sniffer. Sure enough it’s easy when you can go to a coffee shop with an unsecured wireless network and ARP spoof in then use SSL Strip from there. Even by using a secure VPN tunnel with SSH since you have access to the network already why not just inject them with a keylogger to grab password information from VPN tunnel passively?

  11. unknow123abc says:

    with ettercap it is totally awesome

  13. theoriginalfatdonkey says:

    @Bloodyfisted use the hp dv6000 pavilion entertainment pc if u want a cheap laptop with packet injection supporting capabilities. no worries with that buy

  14. theoriginalfatdonkey says:


    I have a better similar method watch. Is there any way I can help you guys do what u do? I’m a decent hacker I work for SASAN PWDE program..

  15. theoriginalfatdonkey says:


  16. xbee30 says:

    love ssl strips

  17. pulseforce says:

    Darren is an alcoholic. Drinking during filming, yikes. Coca cola > Booze.

  19. Moy2005 says:

    i love the smell of packets in the morning 😀 XD

  20. lagooned says:

    Arpspoof keeps telling me that It can arp the target. I looked at the FAQ and it said that you must be on the same subnet as your target… what exactly does that mean? I never understood using NMap to scan different subnets. And I really don’t know what a subnet is. Ahh!

  21. xXxtremeFightroom says:

    Gotta love Darren’s ability to make learning fun! 😀 Awesome segment, he is now my favorite role model. hi5 to hak5! =) Keep up the awesome work!!!

  22. RyneKly says:

    Pouring your drink on your Head Darren F***ing greatness!!!

  23. AtheismandSkepticism says:

    snub’s facial expressions are priceless after the rum on head…

    rum on head > shoe on head.

  24. Bloodyfisted says:

    yo what kinda laptops do u guys use….I’ve been watching quite a lot of ur videos and ur laptops dont look like a piece of junk….
