Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:00,580 --> 00:00:07,020
OK so now we know how to generate an SSL certificate and this lecture I'm going to show you how to enable
2
00:00:07,080 --> 00:00:11,090
SSL on apache so that we can support Hastey CPS.
3
00:00:11,220 --> 00:00:16,950
And then we'd be able to use that on our captive portal so that it won't show a warning when people
4
00:00:16,950 --> 00:00:21,290
go to Haiti s ts Web sites to do that.
5
00:00:21,290 --> 00:00:24,100
I'm just going to clear this first and to do that.
6
00:00:24,110 --> 00:00:34,560
All we have to do is just to 8 to 10 Moeed and after that type the mode that you want to enable and
7
00:00:34,560 --> 00:00:37,570
in our case we want to enable SSL.
8
00:00:37,920 --> 00:00:40,560
Now for me it's telling me that it's already enabled.
9
00:00:40,560 --> 00:00:43,430
For you it's just going to enable it.
10
00:00:43,720 --> 00:00:45,070
Now that's perfect.
11
00:00:45,070 --> 00:00:52,440
Next we need to configure Apache to use the certificate and the key that we just created.
12
00:00:52,840 --> 00:00:57,680
So again we have to open the configuration file for Apache that we used before.
13
00:00:57,730 --> 00:01:05,890
So we're going to use Lifford to do that and the file is stored in it we see Apache 2 sites enabled
14
00:01:06,430 --> 00:01:09,040
000 Canth.
15
00:01:09,160 --> 00:01:16,120
So it's the same file that we opened before and in here if you notice you can see that we have a virtual
16
00:01:16,120 --> 00:01:18,290
host for port 80.
17
00:01:18,520 --> 00:01:25,280
And this is the part that's usually used for TTP for normal web pages.
18
00:01:25,300 --> 00:01:33,310
Now if we want to use Hastey CPS I'm just going to navigate all the way down and just create a new virtual
19
00:01:33,310 --> 00:01:33,880
host.
20
00:01:33,970 --> 00:01:39,600
So I'm just going to paste that I've actually copied the one on top and we're going to set the port
21
00:01:39,600 --> 00:01:46,800
here to 4:43 which is the port that's usually used by SSL.
22
00:01:47,210 --> 00:01:49,670
And we'll also have to close the virtual host
23
00:01:53,700 --> 00:01:55,850
and here we're going to say SSL engine
24
00:01:58,700 --> 00:02:06,780
on to enable that we're going to set the location for this certificate so we're going to do SSL certificate
25
00:02:06,810 --> 00:02:13,720
file and set the full path to the location where we have the certificate stored.
26
00:02:13,940 --> 00:02:22,560
And that is in route downloads fake AP and it's called sarod do it.
27
00:02:22,560 --> 00:02:29,810
PM Now you want to said the same so I'm just going to copy this for the key.
28
00:02:29,930 --> 00:02:42,290
So we're going to do SSL certificate key and this time instead of PM It was called Sarot dot key.
29
00:02:42,300 --> 00:02:47,620
Now this is actually supposed to be called key file.
30
00:02:47,730 --> 00:02:50,870
So we created a new virtual host.
31
00:02:50,940 --> 00:02:55,900
We set it to use port 443 because that's the port used for SSL.
32
00:02:55,890 --> 00:03:04,870
We set SSL engine to byone we set the SSL certificate filed to the file that we created in the previous
33
00:03:04,870 --> 00:03:13,650
step and we said the SSL certificate key file to the key that we created in the previous step.
34
00:03:13,780 --> 00:03:14,370
Now we're good.
35
00:03:14,380 --> 00:03:18,030
I'm going to save and quit.
36
00:03:18,320 --> 00:03:23,630
And finally I'm just going to modify the ports file for Apache.
37
00:03:23,630 --> 00:03:30,950
So again I'm going to do Leath pod and that file is stored in it you see Apache to portes
38
00:03:33,740 --> 00:03:39,680
and make sure that I'm listening on port 443 That's the port that we just enabled so you can see that
39
00:03:39,680 --> 00:03:41,840
I'm already listening for port 80.
40
00:03:42,110 --> 00:03:46,580
And I want to listen for port 443.
41
00:03:46,880 --> 00:03:54,050
I'm going to quit this research my apache.
42
00:03:54,170 --> 00:03:57,610
Now this failed so I think I said one of the files.
43
00:03:57,620 --> 00:03:59,210
I said the wrong path to it.
44
00:03:59,210 --> 00:04:00,840
So let me just have another look.
45
00:04:02,750 --> 00:04:06,580
So this should be my cert file.
46
00:04:08,130 --> 00:04:10,200
Let me just see if it actually exists.
47
00:04:10,210 --> 00:04:13,640
I'm just going to do ls and put the file name
48
00:04:17,970 --> 00:04:19,970
and I misspelled something.
49
00:04:21,390 --> 00:04:25,570
Oh it's yet it's certain that P E and not pen.
50
00:04:26,080 --> 00:04:27,190
So that should be there.
51
00:04:27,190 --> 00:04:29,650
Now just let's let's just make sure it's there.
52
00:04:31,480 --> 00:04:35,040
Yep and we'll make sure that I spell this correctly as well.
53
00:04:35,050 --> 00:04:39,830
I always make this OK now that's that's all there.
54
00:04:39,830 --> 00:04:45,720
So I'm just going to save quit and restart apache again.
55
00:04:45,800 --> 00:04:50,480
Now it's asking me for the password that we use we knew when we generated the certificate.
56
00:04:50,480 --> 00:04:53,670
I'm going to enter it now.
57
00:04:53,680 --> 00:04:56,180
Apache is working.
58
00:04:56,210 --> 00:04:58,370
Now let's come back here.
59
00:04:58,600 --> 00:05:05,710
Let's first test it with the normal TTP and make sure that we didn't break anything.
60
00:05:05,880 --> 00:05:08,100
And as you can see now that's working.
61
00:05:08,340 --> 00:05:15,640
So let's go back put t TTP s and see if the web page is going to work.
62
00:05:16,950 --> 00:05:21,040
Now perfect as you can see the web page is working.
63
00:05:21,240 --> 00:05:27,120
Now you can see that it's saying your connection is not secure but that's not because TTP is not working.
64
00:05:27,120 --> 00:05:29,950
That's because we self-signed certificate.
65
00:05:29,970 --> 00:05:33,050
And we just generated it locally on our computer.
66
00:05:33,330 --> 00:05:39,300
But if you remember at the start of the video when I tried to go to the Haitian version literally nothing
67
00:05:39,300 --> 00:05:39,740
happened.
68
00:05:39,750 --> 00:05:41,930
I couldn't even access the web page.
69
00:05:42,270 --> 00:05:44,030
But now the web page is working.
70
00:05:44,100 --> 00:05:47,290
It's just a must that this certificate is not trusted.
71
00:05:48,170 --> 00:05:55,250
Let's go to the target Windows machine connect to my network and try to go to Facebook or any of those
72
00:05:55,570 --> 00:06:00,650
s.c.s Web sites and see what this is going to look like for the client because it's actually going to
73
00:06:00,650 --> 00:06:02,460
look much better than this.
74
00:06:02,900 --> 00:06:05,290
So I'm here at the windows machine.
75
00:06:05,870 --> 00:06:15,610
I'm going to go on my networks and as usual connect to royal Wi-Fi version to and as you can see automatically
76
00:06:15,610 --> 00:06:21,250
I get the log in and I see the bar and we see how to achieve this before so that's not what we're really
77
00:06:21,250 --> 00:06:22,450
interested in.
78
00:06:22,570 --> 00:06:27,360
What we want to see is we want to go to Facebook and see what happens.
79
00:06:29,710 --> 00:06:32,980
Now as you can see this looks amazing.
80
00:06:32,980 --> 00:06:33,740
You can see that.
81
00:06:33,760 --> 00:06:35,800
Just tell us log into network.
82
00:06:35,800 --> 00:06:37,290
It's not showing any errors.
83
00:06:37,300 --> 00:06:41,580
It's not saying that secure connection couldn't be established.
84
00:06:41,590 --> 00:06:48,260
It's basically saying this Web site uses Haik as TS and therefore you just can't browse it please.
85
00:06:48,350 --> 00:06:55,470
Lagann if we click on the logon we go to the log in page where we can log in.
86
00:06:55,630 --> 00:06:57,100
So now anywhere we go.
87
00:06:57,100 --> 00:07:03,670
So let's go to a normal web site like dot com you'll see that we get the normal logon page if we go
88
00:07:03,700 --> 00:07:09,740
to websites that use haziest ts like for example G-mail.
89
00:07:09,850 --> 00:07:12,010
It will just tell us please log in.
90
00:07:12,130 --> 00:07:16,180
We can see the bar in here we can see everything is getting redirected.
91
00:07:16,240 --> 00:07:19,580
The log in page is being displayed automatically for us.
92
00:07:19,630 --> 00:07:25,960
So we've made a really really good fake network that behaves really well it actually acts exactly like
93
00:07:25,960 --> 00:07:28,090
a captive portal.
94
00:07:28,090 --> 00:07:33,330
Not only that but the way the log in screen gets displayed automatically is very convincing.
95
00:07:33,330 --> 00:07:39,070
And I think it'll fool a lot of people even if they have a WPA password and we'll see that later on
96
00:07:39,070 --> 00:07:40,050
in the course.
97
00:07:41,020 --> 00:07:45,150
Now the next lecture I'm going to show you how we're going to be able to capture the passwords.
98
00:07:45,160 --> 00:07:47,920
And third when people log into this web page.
9476
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.