Howdy crackers! In this article, we're gonna cover how to use SSL Strip in Kali Linux. SSL Strip is a man-in-the-middle attack that allows an attacker to sniff passwords. It works against HTTPS servers, and therefore it can sniff the passwords of social sites such as Facebook and Twitter.
Basically, the attack works by sniffing cookies. The victim requests a connection over HTTPS, but the request arrives at the attacker, who redirects the traffic from HTTPS to HTTP. Once the traffic has been redirected to HTTP, the data is unencrypted and can be captured.
The devices you want to hack must be connected to the same network as you. So, let's look at the tutorial.
Fire up your Kali Linux machine and let's check which interface we are connected through. To check that, type ifconfig and hit Enter. It will show the interface you're connected through. If you're connected using an ethernet cable it will show eth0, and if you're connected using a wireless network it will show wlan0.
Here we're connected using an ethernet cable. So now we're gonna do IP forwarding. To do IP forwarding, give the command:
echo 1 > /proc/sys/net/ipv4/ip_forward
After this step, our 2nd step will be configuring iptables. This step is used to reroute all traffic from one port to another. To do that, give the command:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
So now we're gonna need our gateway IP address. To find it, give the command route -n and it will show our gateway IP address.
Now we're all set. Here comes the 2nd step. We need the IP address of the victim's machine, which is connected to the same network we are connected to. You're all familiar with the Nmap tool. Here we're gonna use Nmap to scan the whole network and find the IP addresses of the machines connected to it. Simply give the command:
nmap -sS -O 192.168.49.2/24
(Replace the IP address with your Gateway IP address)
Nmap scans the network and shows the IP addresses it found. We're gonna take one IP address to do the attack.
We picked an IP address, and now we are going to configure arpspoof to start rerouting traffic through us. Start arpspoof by giving the command below, without the inverted commas.
arpspoof -i eth0 -t ‘victim’s IP address’ ‘your gateway IP address’
(ex: arpspoof -i eth0 -t 192.168.33.133 192.168.49.2)
If you're using WLAN, simply replace eth0 with wlan0 in the command. So here we have successfully set up arpspoof, and now we are gonna start SSL Strip. Open up another terminal and give the command sslstrip -l 8080, which will start SSL Strip.
Now we are all set. If the victim visits the Facebook login page, it will redirect to HTTP, and if the victim enters his username and password, you can see them by using the command cat sslstrip.log to view the captured logs of the SSL Strip session.
Note that it doesn't work anymore on updated Windows 10 browsers. It only works on Windows 7 browsers. The updated browsers have patched all their vulnerabilities, so this exploit doesn't work on them.
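The server-side controls that stop this downgrade in current browsers are HTTP Strict Transport Security (HSTS, RFC 6797) and the Secure cookie attribute; this detail and the Python check below are added here and are not part of the original tutorial. The check audits a site's own response headers for exposure to stripping. The sample responses, the finding names and the 180-day threshold are assumptions made for this example.

```python
MIN_MAX_AGE = 15552000  # 180 days; threshold chosen for this example (assumption)

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into its three directives."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().lower().partition("=")
        name, arg = name.strip(), arg.strip().strip('"')
        if name == "max-age" and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy

def audit_response(scheme, headers):
    """Return downgrade-exposure findings; headers is a list of (name, value)."""
    get = lambda key: [v for n, v in headers if n.lower() == key]
    findings = []
    if scheme == "http":
        # HSTS over plain HTTP is ignored by browsers; only a redirect helps here.
        location = (get("location") or [""])[0]
        if not location.lower().startswith("https://"):
            findings.append("no-https-redirect")
    elif not get("strict-transport-security"):
        findings.append("hsts-missing")
    else:
        policy = parse_hsts(get("strict-transport-security")[0])  # first header wins
        if not policy["max_age"]:  # absent, unparsable, or 0 (0 removes the policy)
            findings.append("hsts-not-enforced")
        elif policy["max_age"] < MIN_MAX_AGE:
            findings.append("hsts-short-max-age")
        if not policy["include_subdomains"]:
            findings.append("hsts-no-includesubdomains")
    for cookie in get("set-cookie"):
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "secure" not in attrs:  # cookie would also travel over stripped HTTP
            findings.append("cookie-not-secure:" + cookie.split("=", 1)[0].strip())
    return findings

# Constructed sample responses (not captured from any real site)
SAMPLES = {
    "hardened": ("https", [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
                           ("Set-Cookie", "sid=abc123; Secure; HttpOnly")]),
    "exposed": ("https", [("Set-Cookie", "sid=abc123; HttpOnly")]),
}

if __name__ == "__main__":
    print({k: audit_response(*v) for k, v in SAMPLES.items()})
```

An empty findings list means a browser that has already seen the site's HSTS policy will refuse the plain-HTTP connection the downgrade depends on; the first visit is covered only if the domain is also on the browsers' preload list.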
Don't try these on others' property without the owner's permission. We are not responsible for any kind of damage caused by hacking anything without permission. Practice on your own things.
Hope you liked the tutorial. If this was helpful for you, rate it, and if you are facing any kind of problem with SSL Strip, feel free to comment below explaining your problem. Our team is always here for you.