Yamas is a tool that aims at facilitating MITM attacks by automating the whole process from setting up IP forwarding and modifying iptables, to the ARP cache poisoning (either using ettercap or arpspoof). The traffic is stripped of SSL with the famous sslstrip 0.9. If any MITM script does that, Yamas has a unique and appreciated feature: it parses the logs as the attack keeps running, so that credentials are displayed just as they are sniffed. The parsing method is a home-made 100% pure bash script that, so far, never missed anything. And if it did, just report it to me and I'll update the file used to parse the logs. This update is independent from the whole update process, making it a very flexible parser.
Sniffing HTTPS Using YAMAS
What is YAMAS?
YAMAS stands for Yet Another Man in the middle Automation Script. It aims
at expediting MITM attacks by automating the whole setup: enabling IP
forwarding, flushing old iptables rules and creating new ones, and ARP
poisoning using arpspoof. Traffic travelling over HTTPS is stripped of its
SSL (Secure Sockets Layer) protection by the sslstrip 0.9 tool by Moxie
Marlinspike. No other script does that.
Main Features of YAMAS:
It outputs credentials and credentials only, nothing else.
Credentials from any website would show up.
The script is very user-friendly: just a few clicks and the attack is running.
The dumped credentials are automatically saved in a log file.
The script can be used to attack the whole network, a single target, or
multiple targets.
NOTE: The script was originally made for Backtrack operating systems only but
can be modified and made compatible with the Kali Linux operating systems as
well.
How to Install and Run YAMAS Script
STEP 1: Open your browser in Backtrack 5 and navigate to
www.comax.fr/yamas.php. Scroll down, select the download link
and download the script.
STEP 2: Save the file. It will be downloaded to the Downloads folder.
STEP 3: Copy yamas.sh from the Downloads folder to the desktop just to
make it simpler.
STEP 4: Change the permissions of yamas.sh.
a) Right click on yamas.sh and select Properties.
b) Switch to the Permissions tab.
c) Tick "Executable file as program".
STEP 5: Run Terminal and type the following commands:
cd Desktop/
./yamas.sh
Press 'y' when prompted.
How to Configure YAMAS
STEP 6: Close the terminal after YAMAS is installed, open another terminal and
type yamas.
STEP 7: a) We will be prompted with the following: To what port should the
traffic be redirected to? Default is 8080. We will keep the default, so just
press enter.
b) Now we will have to choose the port from which the traffic will be redirected.
We will choose the default port (8080) again and press enter.
c) Now we have to choose an output filename, i.e. the file where all the
information that we have sniffed will be stored. You can choose any name. I will
choose yamaslogs.
d) Now it will ask for the gateway IP address, i.e. the IP address of the router.
Here I will choose the default again.
e) Now it will ask you to choose the interface. It will automatically show you the
interface, so press enter.
f) Now it will ask if we want to attack the whole network. By default it will attack
the whole network, but we can also enter the IP address(es) of the victim(s) to
attack one or more selected victims.
After you press enter (either to target the whole network or specific IP
address(es)), a new window for passwords and one for ARPspoof will pop up and your
ATTACK IS RUNNING. The password window will show you the credentials of users
on various sites such as yahoo.com, gmail.com, facebook.com.
Now, suppose your victim logs on to 'yahoomail.com'.
SSLStrip has successfully stripped https to http.
YAMAS has stored the credentials in the yamaslogs file which we had created
before.
The same happens when the victim logs on to facebook.com.
SSLStrip has successfully stripped again.
YAMAS has again intercepted the data traffic through ARPspoof and stored the
credentials.
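
Seen from the defending side, the ARP poisoning stage described above leaves a trace in each poisoned host's ARP cache: the gateway's IP maps to a MAC that differs from its known-good value and that usually also belongs to another host on the LAN. The script below is an added example, not part of the original document or of YAMAS, that checks `ip -4 neigh show` output for both signs. The function names, the sample tables and the baseline-MAC input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): spot ARP-cache entries that are
# consistent with ARP poisoning. Input is `ip -4 neigh show` text:
#   IP dev IFACE lladdr MAC STATE

# Print "MAC ip1,ip2,..." for each MAC claimed by more than one IPv4 address.
# Hosts with several IPs on one NIC, or proxy ARP, also match; treat as a lead.
find_shared_macs() {
    awk '
        { mac = ""; for (i = 1; i < NF; i++) if ($i == "lladdr") mac = tolower($(i + 1)) }
        mac != "" && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !((mac, $1) in seen) {
            seen[mac, $1] = 1
            if (mac in ips) ips[mac] = ips[mac] "," $1
            else ips[mac] = $1
            count[mac]++
        }
        END { for (m in count) if (count[m] > 1) print m, ips[m] }
    ' | sort
}

# Print the MAC cached for IP $1 (nothing if the entry has no lladdr).
mac_for_ip() {
    awk -v ip="$1" '$1 == ip { for (i = 1; i < NF; i++)
        if ($i == "lladdr") { print tolower($(i + 1)); exit } }'
}

# check_gateway TABLE GATEWAY_IP BASELINE_MAC -> missing | changed | shared | ok
check_gateway() {
    cg_now=$(printf '%s\n' "$1" | mac_for_ip "$2")
    cg_base=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    if [ -z "$cg_now" ]; then echo missing
    elif [ "$cg_now" != "$cg_base" ]; then echo changed
    elif printf '%s\n' "$1" | find_shared_macs | grep -q "^$cg_now "; then echo shared
    else echo ok
    fi
}

# Constructed sample tables (documentation addresses, made-up MACs).
CLEAN_TABLE='192.0.2.1 dev eth0 lladdr 02:00:00:aa:bb:01 REACHABLE
192.0.2.23 dev eth0 lladdr 02:00:00:aa:bb:17 STALE
192.0.2.50 dev eth0 lladdr 02:00:00:aa:bb:32 REACHABLE'
POISONED_TABLE='192.0.2.1 dev eth0 lladdr 02:00:00:aa:bb:17 REACHABLE
192.0.2.23 dev eth0 lladdr 02:00:00:aa:bb:17 STALE
192.0.2.50 dev eth0 lladdr 02:00:00:aa:bb:32 REACHABLE
192.0.2.77 dev eth0  FAILED'

# Live use: check_gateway "$(ip -4 neigh show)" "$GATEWAY_IP" "$BASELINE_MAC"
```

A "changed" or "shared" verdict for the gateway is the cue to compare against the router's real MAC. A static ARP entry for the gateway or switch-level Dynamic ARP Inspection blocks the poisoning step, and HSTS on the web side keeps a browser from accepting the downgrade to http.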