Hijacking Web 2.0 Sites with SSLstrip - Hands-on Training

Presented at DEF CON 17 (2009), Aug. 1, 2009, 3 p.m. (50 minutes).

Many websites, like Facebook, mix secure and insecure content on the same page. This makes it possible to steal all the data entered on such a page easily, using Moxie Marlinspike's new SSLstrip tool. First I will give a brief explanation and demonstration of the technique, and then I will help audience members set up the attack themselves on their own laptops. Detailed instructions and all required software will be provided. Audience members should bring a laptop computer to participate in the hands-on training.


Presenters:

  • Sam Bowne - Instructor, City College San Francisco, Computer Networking and Information Technology Department
    Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks at DEF CON and Toorcon on Ethical Hacking, and taught classes and seminars at many other schools and teaching conferences. He has a B.S. in Physics from Edinboro University of Pennsylvania and a Ph.D. in Physics from University of Illinois, Urbana-Champaign. His industry certifications are: Certified Ethical Hacker, Microsoft: MCP, MCDST, MCTS: Vista; Network+, Security+, Certified Fiber Optic Technician.
