In this blog post, we are going to see what is session hijacking, all things performed on my personal device
About practical: Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing so that we can protect ourselves against the real hackers "
Disclaimer :
Use this only for educational purposes... I am not responsible for your actions...Love you, guys. Stay safe !!! Stay legal !!
Tutorial :
Subtitle:
Now that we can load a perfect login page, that looks identical to the real login page, and there are no clues in it to indicate that this is loading inside another browser, we also removed all the scary parameters that are displayed here.
The only thing that I want to do is link this to a domain name and have HTTPS enabled on it. As a result, we're going to be able to see the lock icon in here, and we're not going to see this not secure, so this will look very, very believable.
Now, I covered how to do this previously, so that's why I'm actually just going to show you how to do it, but I'm not going to do it. First of all, you want to go to your domain name settings, you want to add an A record, and we explained
how to do that, and you want to link the domain name to the IP of the instance. The IP of the instance, as you can see here, is this, and I have that linked to my domain name.
That's good. The next thing that you want to do is to go ahead and enable HTTPS on it, and we can do that using CertBot. To do this, you want to first install CertBot by doing captain install CertBot, and we covered that again in multiple lectures before. As you can see,
it's saying that it is already installed
because I have installed it myself before. The next thing you want to do is actually create a certificate, and you do this by doing CertBot. We're going to say that we want CertOnly. We're going to use the dash D to specify the domain and in my case,
it's set as hacks .com, and we're going to tell it that we want you to do this using the stand-alone method, meaning that I want you to start your own server and do the authentication. Now, I covered how to do this previously. We covered this command and how it works
and why we need it. As a result of this command, you're going to get two certificates, the private key and the full chain. So once you have that, this command will output the links to the full chain and to the private key. And once you have them,
all you
have to run your novel with the dash cert option to specify the location of the certificate and the dash key option to specify the location of the private key. So I'm going to paste the path of my certificate in here, and I'm going to paste the path of my key in here.
So very, very simple. We're using the same command. We're just adding the dash cert and specifying the location of the cert that you get from the cert bot command. And then we're doing the dash key and specifying the location of the key again that you get from the cert bot command. I didn't actually execute the cert bot command because I've already generated these certificates to save you time I covered this previously and I don't want to be doing the same thing over and over. So if you don't understand...
1 Comments
Where is the practical video
ReplyDelete