Hello guys, in this tutorial we will learn how to hack a PayPal account using a Man in the Middle (MITM) attack. Before going through the tutorial, let me explain how this attack works. It is an attack in which a hacker places himself between his potential victim and the host that the victim communicates with. He is able to see or manipulate all traffic sent between victim and host. Now let's see how this attack actually works, step by step…
This attack works in several steps; here I am using BackTrack as the attacker machine and a Windows system as the victim machine.
Follow the steps below to hack a PayPal account:
Step 1: First open a terminal and write the IP forwarding command
echo 1 > /proc/sys/net/ipv4/ip_forward
This command puts the BackTrack machine into ip_forward mode. This is required because once the packets arrive, they must be routed on to their final destination. So in this step we put the attacker machine in ip_forward mode so that it forwards all of the victim's packets to the right address.
Step 2: In this step we spoof ARP replies, telling the victim machine that the MAC address of the gateway is the attacker's MAC.
Step 3: In this step we set up an iptables rule by which all packets on port 80 are re-routed to port 10000, on which sslstrip is listening on the attacker machine.
Step 4: Then we run sslstrip. To run sslstrip, first open an sslstrip console, then write the following command:
sslstrip -a -k -k
In BackTrack 4 the sslstrip console is available at:
Applications – BackTrack – Privilege Escalation – Sniffers – sslstrip
In BackTrack 5 the sslstrip console is available at:
Applications – BackTrack – Exploitation Tool – web Exploitation Tool – sslstrip
Step 5: Now run the ettercap command to sniff the victim's password
ettercap -T -q -i eth0
Step 6: Then wait for the victim to open the PayPal site or any other web page passing through sslstrip.
Now go back to your attacker machine and check whether the victim's user ID or password has been sniffed successfully.
The game is over: we have successfully got the victim's user ID and password.
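The ARP spoofing in Step 2 leaves a trace on the victim machine: the gateway's IP now maps to the attacker's MAC, so the gateway shares a MAC with another host or differs from its known value. The following Python check over Windows `arp -a` output is an added example, not part of the original tutorial. The sample table, the addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output on a poisoned victim:
# the gateway (192.168.1.1) and host 192.168.1.50 report the same MAC.
SAMPLE_ARP_A = """\
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-0c-29-aa-bb-cc     dynamic
  192.168.1.50          00-0c-29-aa-bb-cc     dynamic
  192.168.1.77          00-1e-4f-12-34-56     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2})\b", re.I)

def norm(mac):
    """Normalise a MAC to lower-case, colon-separated form."""
    return mac.lower().replace("-", ":")

def parse_arp_table(text):
    """Return {ip: mac} for unicast entries only."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        # Low bit of the first octet set means broadcast/multicast: skip it.
        if m and not int(m.group(2)[:2], 16) & 1:
            table[m.group(1)] = norm(m.group(2))
    return table

def find_spoofing(table, gateway_ip, known_gateway_mac=None):
    """Return findings that indicate ARP cache poisoning of the gateway entry."""
    findings = []
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    gw_mac = table.get(gateway_ip)
    # Symptom 1: another IP answers with the same MAC as the gateway.
    if gw_mac and len(by_mac[gw_mac]) > 1:
        findings.append(("gateway-mac-shared", gw_mac, sorted(by_mac[gw_mac])))
    # Symptom 2: the gateway MAC differs from a baseline recorded earlier.
    if gw_mac and known_gateway_mac and gw_mac != norm(known_gateway_mac):
        findings.append(("gateway-mac-changed", gw_mac, [gateway_ip]))
    return findings

if __name__ == "__main__":
    for finding in find_spoofing(parse_arp_table(SAMPLE_ARP_A),
                                 "192.168.1.1", "00-1A-2B-3C-4D-5E"):
        print(finding)
```

A static ARP entry for the gateway on the client, or Dynamic ARP Inspection on the switch, prevents the poisoned mapping from being accepted in the first place.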