Obtaining SSL data with SSLsplit
In the previous recipe, we prepared our environment to attack an SSL/TLS connection while, in this recipe, we will use SSLsplit to complement a MITM attack and extract information from an encrypted communication.
Getting ready
We need to have an ARP spoofing attack executing before we start this recipe and have successfully completed the previous recipe Setting up an SSL MITM attack.
How to do it...
Firstly, we need to create the directories in which SSLsplit is going to store the logs. To do that, open a terminal and create two directories, as shown:
mkdir /tmp/sslsplit mkdir /tmp/sslsplit/logdir
Now, let's start SSLsplit:
sslsplit -D -l connections.log -j /tmp/sslsplit -S logdir -k certauth.key -c ca.crt ssl 0.0.0.0 8443 tcp 0.0.0.0 8080
Now that SSLsplit is running and the MITM between the windows client and the vulnerable_vm, go to the client and browse to:
https://192.168.56.102/dvwa/.The browser may ask for confirmation as our CA and certificate are not officially...
