1 00:00:00,660 --> 00:00:07,170 Now everything that we did so far will only work against HTTP pages. 2 00:00:07,170 --> 00:00:15,090 The reason why it works against HTTP is because, as we've seen, the data in HTTP is sent as plain text 3 00:00:15,240 --> 00:00:19,580 so it's text that humans like us can read and understand. 4 00:00:20,400 --> 00:00:25,560 That's why when we're the man in the middle we're able to read this text and if we wanted we're able 5 00:00:25,560 --> 00:00:28,520 to modify this text as we wish. 6 00:00:28,520 --> 00:00:38,670 Now this is obviously a problem and this problem was fixed in HTTPS. So as you know most websites 7 00:00:38,700 --> 00:00:46,620 use HTTPS. The reason why, like I said, is because it's a more secure version of HTTP and basically 8 00:00:46,620 --> 00:00:53,970 the way it works is it adds an extra layer over HTTP which is where the S comes from. 9 00:00:53,970 --> 00:01:02,070 So it's a secure HTTP protocol and this extra layer will encrypt the plain text data that 10 00:01:02,130 --> 00:01:03,690 HTTP sends. 11 00:01:03,720 --> 00:01:10,080 So if a person manages to become the man in the middle they will be able to read this data but the data 12 00:01:10,080 --> 00:01:11,130 will be gibberish. 13 00:01:11,160 --> 00:01:22,170 It will not be readable to the person intercepting the connection. Now HTTPS relies on TLS or SSL 14 00:01:22,410 --> 00:01:23,760 to encrypt the data. 15 00:01:24,270 --> 00:01:27,250 And this is very difficult to break. 16 00:01:27,420 --> 00:01:35,740 Therefore in order to bypass this the easiest method is to downgrade HTTPS connections to 17 00:01:35,740 --> 00:01:37,170 HTTP. 18 00:01:37,230 --> 00:01:44,430 So since we're the man in the middle we can check if the target is requesting an HTTPS website and 19 00:01:44,520 --> 00:01:52,130 instead of giving him the HTTPS version of that website we will give him the HTTP version. 
20 00:01:52,260 --> 00:01:58,890 This way the data will be sent in plain text and we'll be able to read it exactly as I showed you in 21 00:01:58,890 --> 00:02:00,780 the previous lecture. 22 00:02:00,780 --> 00:02:07,920 To do this we'll have to manually configure and use a tool called SSLstrip and I show how to do this 23 00:02:07,980 --> 00:02:10,220 in my more advanced courses. 24 00:02:10,410 --> 00:02:16,250 But luckily bettercap has a caplet that'll do all of this for us. 25 00:02:16,260 --> 00:02:24,990 The only problem is this caplet does not replace all HTTPS links with HTTP in the loaded pages 26 00:02:25,830 --> 00:02:32,760 so I modified this caplet for you to make sure that it's going to work as expected and I've included 27 00:02:32,760 --> 00:02:39,090 it in the resources of this lecture so all we have to do is download the zip in the resources of this 28 00:02:39,090 --> 00:02:43,500 lecture and I have it downloaded in my Kali machine. 29 00:02:43,740 --> 00:02:50,040 So I'm gonna go to my files and to my downloads and I have it right here. 30 00:02:50,040 --> 00:02:52,860 It's called hstshijack.zip. 31 00:02:53,700 --> 00:02:57,950 I'm gonna right click it and extract it here. 32 00:02:58,020 --> 00:03:02,370 This is the folder of this caplet and I'm going to copy it 33 00:03:03,460 --> 00:03:06,580 and paste it in the correct location 34 00:03:06,580 --> 00:03:12,810 where bettercap loads caplets from. So to go to that location 35 00:03:12,820 --> 00:03:20,590 you can either press Control and L on your keyboard to open the path bar or you can press here and 36 00:03:20,590 --> 00:03:27,970 press a forward slash again to open the path bar. Once the path bar is open we want to go to /usr 37 00:03:28,960 --> 00:03:31,440 /share/bettercap 38 00:03:32,520 --> 00:03:40,250 /caplets. So like I said this is the default location where bettercap stores all of the caplets. 
39 00:03:40,380 --> 00:03:45,530 I'm going to hit enter and as you can see we already have this caplet in here. 40 00:03:45,660 --> 00:03:48,340 But like I said this caplet is buggy. 41 00:03:48,450 --> 00:03:51,930 It doesn't work as expected so I'm going to delete it. 42 00:03:52,860 --> 00:04:01,650 So right click, move to Trash, and I'm going to paste the one that I just copied in here so that's it. 43 00:04:01,650 --> 00:04:02,590 We're good to go. 44 00:04:02,610 --> 00:04:11,280 We can go ahead and use this caplet from bettercap but before we do that I also want to go to my home 45 00:04:11,280 --> 00:04:12,330 directory. 46 00:04:12,330 --> 00:04:17,000 This is where I stored the caplet that we created in the previous lecture. 47 00:04:17,040 --> 00:04:18,330 The spoof caplet. 48 00:04:18,330 --> 00:04:24,270 The one that runs the ARP spoofing command and then runs the sniffer. 49 00:04:24,660 --> 00:04:31,470 I just want to modify one thing in this so I'm going to right click it and open it with Leafpad and 50 00:04:31,470 --> 00:04:39,940 what I want to modify is I want to add an option to sniff in here so as you know this line 51 00:04:39,950 --> 00:04:42,480 net.sniff on will turn on my sniffer. 52 00:04:42,560 --> 00:04:53,610 But before turning it on I want to set net.sniff.local to true. 53 00:04:53,610 --> 00:05:01,530 And what this option will do is it will tell bettercap to sniff all data even if it thinks this data is 54 00:05:01,530 --> 00:05:03,080 local data. 55 00:05:03,270 --> 00:05:11,250 The reason why I set this option to true is because once we use the HTTPS bypass caplet the data 56 00:05:11,250 --> 00:05:15,180 will seem as if it's being sent from our computer. 57 00:05:15,180 --> 00:05:21,570 So bettercap will think these passwords belong to me, to my computer, and it will not display them to me on 58 00:05:21,570 --> 00:05:22,410 screen. 
59 00:05:22,500 --> 00:05:29,040 That's why we're setting it to true so that we can see all the usernames and passwords sent on the web 60 00:05:29,040 --> 00:05:38,100 sites that we will downgrade from HTTPS to HTTP. So I'm going to save this, Control S, and quit it, 61 00:05:38,150 --> 00:05:38,640 Control 62 00:05:38,700 --> 00:05:48,050 Q. And now we are actually ready to go and use this caplet so in the next lecture I'm gonna show you 63 00:05:48,050 --> 00:05:56,450 how to use this caplet to downgrade HTTPS connections to HTTP and therefore be able to sniff 64 00:05:56,500 --> 00:06:05,960 URLs, the login information and passwords that people enter on websites that use HTTPS by default.