
Practical Work on SSL[1]

Uploaded by Hajar ES-SABERY

S. LAZAAR
ENSA of Tangier
2024-2025

Practical work on SSL/TLS protocol

Objective
Students will learn the mechanics of the SSL/TLS protocol, explore its implementation in
secure communications, and analyze potential vulnerabilities and mitigations.
Tools and Resources
• OpenSSL
• Wireshark
• SSLstrip: simulate vulnerabilities
• Apache: set up the server

Guidelines:
Install OpenSSL: sudo apt install openssl
Install SSLstrip: sudo apt install sslstrip

Part 1: SSL/TLS Basics and Setup


1. Tasks:
o Create a virtual network of 3 machines (client, admin running Kali Linux, server).
o Prepare a website, or just a single web page.
o Use OpenSSL to create certificates for your site.
o Generate self-signed SSL certificates and configure the server to use them.
o Set up an HTTPS server (using Apache).
o Test the server's configuration using an online SSL testing tool.

Part 2: Analyzing SSL/TLS Handshake
1. Tasks:
o Use Wireshark to capture and analyze the SSL/TLS handshake between a
client and the server.
o Identify key elements such as:
▪ ClientHello and ServerHello messages.
▪ Certificate exchange.
▪ Cipher suite negotiation.
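
The ClientHello fields that Wireshark shows in this step can also be decoded by hand, which makes clear where the offered cipher suites and the server name sit in the message. The Python parser below is an added example, not part of the original handout; the function names and the host name server.lab.example are assumptions, and the sample record is constructed rather than captured.

```python
import struct

# IANA names for the suites used in the sample; unknown values print as hex.
SUITES = {0x1301: "TLS_AES_128_GCM_SHA256",
          0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA"}

def parse_client_hello(record: bytes) -> dict:
    """Parse one TLS record that carries a complete ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record holding a ClientHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    pos = 0
    def take(n: int) -> bytes:          # fixed-size field
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated ClientHello")
        pos += n
        return body[pos - n:pos]
    def vec(len_bytes: int) -> bytes:   # length-prefixed vector
        return take(int.from_bytes(take(len_bytes), "big"))
    version = struct.unpack("!H", take(2))[0]   # 0x0303 even for TLS 1.3
    take(32)                                    # client random
    vec(1)                                      # legacy session id
    raw = vec(2)                                # offered suites, 2 bytes each
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    vec(1)                                      # compression methods
    exts = vec(2) if pos < len(body) else b""   # extensions are optional
    sni, i = None, 0
    while i + 4 <= len(exts):
        etype, elen = struct.unpack("!HH", exts[i:i + 4])
        data = exts[i + 4:i + 4 + elen]
        if etype == 0 and len(data) >= 5:       # server_name extension
            sni = data[5:5 + int.from_bytes(data[3:5], "big")].decode("ascii", "replace")
        i += 4 + elen
    return {"legacy_version": f"0x{version:04x}", "sni": sni,
            "cipher_suites": [SUITES.get(s, hex(s)) for s in suites]}

def sample_client_hello(host: str = "server.lab.example") -> bytes:
    """Constructed sample record: zero random, three suites, one SNI entry."""
    v = lambda n, b: len(b).to_bytes(n, "big") + b   # add a length prefix
    sni = b"\x00\x00" + v(2, v(2, b"\x00" + v(2, host.encode())))
    suites = struct.pack("!3H", 0x1301, 0xC02F, 0x002F)
    body = (b"\x03\x03" + bytes(32) + v(1, b"") + v(2, suites)
            + v(1, b"\x00") + v(2, sni))
    return b"\x16\x03\x01" + v(2, b"\x01" + v(3, body))

if __name__ == "__main__":
    print(parse_client_hello(sample_client_hello()))
```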

Deliverables
• A report detailing:
o Observations from SSL/TLS handshake analysis.
• Wireshark logs and screenshots as evidence.

Part 3: Explore SSLstrip for a basic understanding of how HTTPS, SSL/TLS, and MITM
attacks work.
Using SSLstrip alongside OpenSSL can help simulate and understand SSL/TLS vulnerabilities,
particularly those involving man-in-the-middle (MITM) attacks. While OpenSSL provides the
framework for secure communications, SSLstrip can demonstrate how improper
configurations or outdated setups can compromise security.

Intercept and Manipulate Traffic


• With SSLstrip running, use OpenSSL to inspect client-server communication.
• SSLstrip intercepts and downgrades HTTPS traffic to HTTP. Clients believe they are
communicating securely, but the connection is no longer encrypted.
Analyze Results
• Observe the downgraded connection using Wireshark:
o Capture packets and verify that HTTPS traffic is converted to HTTP.
o Inspect plaintext data that should have been encrypted.
