Sniffing HTTPS in LAN using ARP Poisoning

Adithyan AK Balaji S

HTTP, HTTPS & HSTS

• Hyper Text Transfer Protocol (HTTP)

• Hyper Text Transfer Protocol Secured (HTTPS)

• HTTPS Strict Transport Security (HSTS)

HTTP Unencrypted Username Passwords

HTTPS Ecnrypted Traffic

Breaking HTTPS

• SSL Strip & Bettercap

• Attacker acts as proxy between Victim and server.

• Breaking HSTS

• What if we can sniff ?

Sniffing HTTPS Data

• Convert the attacker machine into a router.

• Enable IP forward to intercept the network traffic.

Hooking up the Target

• Scan for hosts in the network.

• Identify the target with MAC / Social Engineering / HTTP Data

ARP Poisoning

• Send n number of ARP Request

• Link Attacker’s MAC with Victim’s IP

• Ettercap, ARPspoof, MITMf.

Configuring Proxy Listeners on LAN

• Setup proxy listener on PORT 80 & 443

• Burp suite, ZAP, BeeF XSS Framework.

Sniffing HTTPS

$echo Queries?

Reach us @

• Adithyan.ak@owasp.org

• waynebat@protonmail.com