Home 0P3N Blog How to Use Ettercap and SSLstrip for a Man in the Middle Attack
Ready to Start Your Career?
Create Free Account
By: TYEB
June 30, 2016

How to Use Ettercap and SSLstrip for a Man in the Middle Attack

By: TYEB
June 30, 2016
By: TYEB
June 30, 2016

How to Use Ettercap and SSLstrip for a Man in the Middle Attack - Cybrary

What's a Man in the Middle Attack (MITM)?

A MITM is a kind of cyber attack where a Hacker/Penetration tester compromises your network and starts redirecting all the network traffic through his own device (Laptop, Phone, Raspberry Pi, etc.).What's bad in these attacks is that the hacker, between attacking you, can see all your browsing information like your Passwords, Usernames, Emails, and even the messages you're sending across.These kinds of attack don't tend to work with a website using "HTTPS."Screenshot from 2016-06-25 02-43-44 But, with a tool like SSLstrip, it can easily strip of the user "https" back to "http". This means the attack will get your information in plain text. 

Basic Ways to Mitigate an Attack

  • Always check if a site is using "https".  If the site does use "https," and it automatically changes to "http", know there's a "MITMA" happening on the network.
  • Don't share your WiFi password with people you don't know or trust.
  • Be careful about the kinds of details and websites you visit when using a public computer.
 

Using Ettercap and SSLstrip for a Man in the Middle Attack

The script can be found on github: https://github.com/Phexcom/Ettercap-and-sslstrip#MITM Attack using Ettercap-and-sslstripThis script was written in Bash to fire up Ettercap and SSLstrip during a Network Penetration testing. Here's how to run it:1. chmod +x sniffer.sh2. ./sniffer.sh3. Enter the network interface when prompted4. When the other tab is opened, just click the enter key Requirements:1. Ettercap  - https://ettercap.github.io/ettercap/2. SSLstrip  - https://moxie.org/software/sslstrip/ Installed on Kali by Default:Kali OS  – https://www.kali.org/downloads/This script helps us utilize Ettercap and SSLstrip by first enabling IP forwarding and then setting our IP table to listen at port 10000. Thanks, Ettercap and SSlstrip!  This information is for educational purposes only.
Request Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry