How to Use Ettercap and SSLstrip for a Man in the Middle Attack

June 30, 2016 | Views: 19230

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

What’s a Man in the Middle Attack (MITM)?

A MITM is a kind of cyber attack where a Hacker/Penetration tester compromises your network and starts redirecting all the network traffic through his own device (Laptop, Phone, Raspberry Pi, etc.).

What’s bad in these attacks is that the hacker, between attacking you, can see all your browsing information like your Passwords, Usernames, Emails, and even the messages you’re sending across.

These kinds of attack don’t tend to work with a website using “HTTPS.”

Screenshot from 2016-06-25 02-43-44

 

But, with a tool like SSLstrip, it can easily strip of the user “https” back to “http”. This means the attack will get your information in plain text.

 

Basic Ways to Mitigate an Attack

  • Always check if a site is using “https”.  If the site does use “https,” and it automatically changes to “http”, know there’s a “MITMA” happening on the network.
  • Don’t share your WiFi password with people you don’t know or trust.
  • Be careful about the kinds of details and websites you visit when using a public computer.

 

Using Ettercap and SSLstrip for a Man in the Middle Attack

The script can be found on github: https://github.com/Phexcom/Ettercap-and-sslstrip

#MITM Attack using Ettercap-and-sslstrip
This script was written in Bash to fire up Ettercap and SSLstrip during a Network Penetration testing. Here’s how to run it:

1. chmod +x sniffer.sh
2. ./sniffer.sh
3. Enter the network interface when prompted
4. When the other tab is opened, just click the enter key

 

Requirements:

1. Ettercap  – https://ettercap.github.io/ettercap/

2. SSLstrip  – https://moxie.org/software/sslstrip/

 

Installed on Kali by Default:

Kali OS  – https://www.kali.org/downloads/

This script helps us utilize Ettercap and SSLstrip by first enabling IP forwarding and then setting our IP table to listen at port 10000.

 

Thanks, Ettercap and SSlstrip!  This information is for educational purposes only.

Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
13 Comments
  1. thank you great work

  2. This attack will not work on most browsers look into using MITMF and sslstrip+ to bypass HSTS for more success

  3. why this attack leave without internet to the victim?

Page 2 of 2«12
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel