Scribd
Upload
21 views

Practical Work on SSL[1]

Uploaded by

Hajar ES-SABERY
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
21 views

Practical Work on SSL[1]

Uploaded by

Hajar ES-SABERY
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

S.

LAZAAR
ENSA of Tangier
2024-2025

Practical work on SSL/TLS protocol

Objective
Students will learn the mechanics of the SSL/TLS protocol, explore its implementation in
secure communications, and analyze potential vulnerabilities and mitigations.
Tools and Resources
• OpenSSL
• Wireshark
• SSLstrip: Simulate vulnerabilities
• Apache to setup the server

Guidelines:
OpenSSL installed: sudo apt install openssl
SSLstrip installed: sudo apt install sslstrip

Part 1: SSL/TLS Basics and Setup


1. Tasks:
o Create a virtual network including 3 machines (client, Admin under Kali linux,
server)
o Prepare a website or only a webpage.
o Use OpenSSL to create certificates for your site
o Generate self-signed SSL certificates and configure the server to use them.
o Set up an HTTPS server (using Apache).
o Test the server's configuration using an online SSL testing tool.

1/3
Part 2: Analyzing SSL/TLS Handshake
1. Tasks:
o Use Wireshark to capture and analyze the SSL/TLS handshake between a
client and the server.
o Identify key elements such as:
▪ ClientHello and ServerHello messages.
▪ Certificate exchange.
▪ Cipher suite negotiation.

Deliverables
• A report detailing:
o Observations from SSL/TLS handshake analysis.
• Wireshark logs and screenshots as evidence.

2/3
Part 3: Explore SSLstrip for a basic understanding of how HTTPS, SSL/TLS, and MITM
attacks work.
Using SSLstrip alongside OpenSSL can help simulate and understand SSL/TLS vulnerabilities,
particularly those involving man-in-the-middle (MITM) attacks. While OpenSSL provides the
framework for secure communications, SSLstrip can demonstrate how improper
configurations or outdated setups can compromise security.

Intercept and Manipulate Traffic


• With SSLstrip running, use OpenSSL to inspect client-server communication.
• SSLstrip intercepts and downgrades HTTPS traffic to HTTP. Clients believe they are
communicating securely, but the connection is no longer encrypted.
Analyze Results
• Observe the downgraded connection using Wireshark:
o Capture packets and verify that HTTPS traffic is converted to HTTP.
o Inspect plaintext data that should have been encrypted.

3/3

You might also like