SSL/TLS Session Hijacking

- Workshop @ BSidesSWVA -

Thursday, November 29, 2018

Wise, VA

This workshop will show how the SSLStrip tool can easily allow attackers to deceive casual untrained web users in order to obtain their login credentials. We will start by introducing the strengths and weaknesses of both symmetric encryption and asymmetric encryption. We will also go quickly over how Public Key Infrastructure operates. Then, you will learn how symmetric and asymmetric protocols are used together in the SSL/TLS protocol in order to offer secure affordable communication. During the workshop, you will use the provided virtual machines (links below) to simulate an attacker who will perform a man-in-the-middle attack to establish an insecure session with the victim and establish a legitimate connection with the server.

Disclaimer

This activity involves sniffing the network and spoofing packets. Performing this activity on a network you don't own may be prohibited. Don't perform it on any network where you are not authorized to do so (e.g. a university network).

The instructor(s) are not responsible for any loss, incidental or consequential damage, or loss arising out of installation, use (unauthorized or otherwise), errors, mistakes, accident, theft or fraud, destruction, or any part of the provision of services.

If you have questions, consult a lawyer.

Finally, the Internet is a dangerous place. Be careful.

Is this workshop for me?

Usually, you are expected to know the difference between HTTP and HTTPS. An initial understanding of how SSL/TLS works is preferred but not required. However, this workshop includes an introduction to the concepts you need to know before performing the hands-on attack. You should be able to learn from and understand this workshop as long as you are familiar with simple computer science and cybersecurity terms and concepts.

What is the maximum number of participants?

The workshop has a cap of 20 participants in order to allow an effective hands-on experience as well as smaller discussions.

What shall I bring with me?

Participants are required to have their own laptops with VirtualBox installed. We prefer that you have VirtualBox version 5.1.28. Participants must have at least 50GB of free hard disk space and at least 8GB of RAM. Please download the VMs in the "Workshop Material" section below before the workshop.

Workshop Material

You will use two virtual machines in this workshop. One will be used to simulate the attacker and the other will be used to simulate the victim.

You can download the attacker's virtual machine (Kali) from this link:
http://www.cs.virginia.edu/ibrahim/vms/Kali-Attacker.ova

You can download the victim's virtual machine (Windows 7) from this link:
http://www.cs.virginia.edu/ibrahim/vms/Win7-Victim.ova

Please make sure that you have these downloaded prior to arriving on Thursday. Once you have downloaded both VMs, follow the directions in the "Lab Setup Guide" PDF below to import the VMs into your VirtualBox. MAKE SURE TO REINITIALIZE THE MAC ADDRESS OF EACH VM.

How can I register?

How can I help you?

You can help us by providing constructive feedback about your experience after you have completely finished the workshop. Please take 3 minutes to fill out this feedback form: https://goo.gl/forms/eumskHeowgUVLZYJ2

Meet The Team

Ahmed Ibrahim, Lead Instructor
Chris Raley, Assistant Instructor
Collins Huff, Assistant Instructor

Still have questions?

If you have any questions, feel free to e-mail Ahmed Ibrahim at a.i@virginia.edu or call 434-924-8284.

Department of Computer Science

Rice Hall

85 Engineer's Way

PO Box 400740

Charlottesville, VA 22904