Best approach for a site with no SSL
(12-31-2020, 03:42 PM)serpent Wrote:
Hm... don't see what the absence of the SSL layer has to do with getting creds for it, it just means your http traffic is not encrypted and the site doesn't use any sort of certificate. Well, unless you're talking about user creds...

If you are looking for USER credentials, like their customer accounts, you should consider setting up a man-in-the-middle attack via corrupted DNS caches. Due to the lack of SSL, you can easily request & resend the pages and requests, reading all of them and getting your hands on usernames and passwords. It won't make any difference to the end user, since they only get security alerts for HTTPS sites with faulty certificates.
With that approach, you might only get the hashed user creds, so in order to log in yourself, you would need to edit your own HTTP requests for the site, which takes additional capturing efforts. I recommend using either Burp Suite or tcpdump for it, as both of them are quite handy for copy-pasting HTTP stuff.

Otherwise, sure, XSS and SQLI can do the trick too, if you know how to do it.

If you are after the website admin's creds, you could consider using some HTTP webserver exploit; perhaps the site is missing a few patches since the admin was too cheap to set up SSL? Sometimes you can even XSS with PHP instead of JS, which allows you to open a remote shell on the server.

Thanks, a lot of things to think about. I don't know how to do MITM yet.
Hope I learn this at one point.
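
Seen from the site owner's side, the exposure discussed in this thread can be checked for directly. The following is an added example, not part of the original thread: it audits one HTTP response for passwords or session cookies that would cross the network unencrypted. The URL, headers and HTML are constructed sample data, and `audit_transport` is a hypothetical helper name.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormScan(HTMLParser):
    """Collects [action, has_password_field] for every <form> in a page."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append([a.get("action") or "", False])
        elif tag == "input" and (a.get("type") or "").lower() == "password" and self.forms:
            self.forms[-1][1] = True


def audit_transport(page_url, headers, html):
    """Return findings; headers is a list of (name, value) tuples from the server."""
    findings = []
    https = urlsplit(page_url).scheme == "https"
    if not https:
        findings.append("page served over cleartext HTTP")
    names = {n.lower() for n, _ in headers}
    if https and "strict-transport-security" not in names:
        findings.append("no HSTS header: first visit can be downgraded")
    for name, value in headers:
        if name.lower() == "set-cookie":
            # Attributes follow the first ';' of a Set-Cookie value.
            flags = {p.strip().lower() for p in value.split(";")[1:]}
            if "secure" not in flags:
                findings.append("cookie without Secure: " + value.split("=", 1)[0])
    scan = _FormScan()
    scan.feed(html)
    for action, has_password in scan.forms:
        target = urljoin(page_url, action)  # empty action resolves to the page itself
        if has_password and urlsplit(target).scheme != "https":
            findings.append("password form posts in cleartext to " + target)
    return findings


# Constructed sample response (not captured from any real site).
SAMPLE_URL = "http://shop.example/login"
SAMPLE_HEADERS = [("Content-Type", "text/html"), ("Set-Cookie", "sid=abc123; Path=/; HttpOnly")]
SAMPLE_HTML = '<form action="/session" method="post"><input name="u"><input type="password" name="p"></form>'

if __name__ == "__main__":
    for finding in audit_transport(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_HTML):
        print(finding)
```

An empty result for every page that handles credentials is the target state: HTTPS everywhere, HSTS set, and session cookies marked `Secure`.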
