SSL Strip & How awesome it is!
This article isn’t like my previous articles where I demonstrate a hack that I have carried out; it’s more of a tutorial. I haven’t been writing much these days as I am focusing on developing my skills. I wanted to write about this hack in particular as it is one of those topics about which most of us know the theory but never really understand how to put it into practice.
Let’s dig in!
I know most of you reading this article must have heard about SSL Stripping. It is actually a man-in-the-middle attack where you become a proxy between the victim and the web page they are visiting. This is not even the main part; the actual trick is to strip off the SSL configuration present on the website and turn an https website into an http website, so that all the traffic is communicated in plain text.
Stripping off SSL
So, to begin with the attack, let me give you an idea of the things required to carry this out:
The victim needs to be on the same network
You will need the victim’s IP address
This attack works on Internet Explorer
First of all we need to figure out the interface we are using to connect to the network; to do so we can use the “ifconfig” command on our Kali machine.
Once we know which interface we are using, we need to enable IP forwarding, for which we type in the following command.
echo 1 > /proc/sys/net/ipv4/ip_forward
Now we configure our iptables rule, which will re-route the traffic from one port to another, which is what our SSL Strip will be listening on.
iptables -t nat -A PREROUTING -p TCP --destination-port 80 -j REDIRECT --to-port 8080
As we have configured the traffic to be routed through our machine, we now have to find the gateway router’s IP address; the command is
Once we have that, we need to scan all the machines that are on our network; for this purpose we can use nmap.
nmap -sS -O 192.168.32.2/24
This is to figure out the IP address of the victim, the machine we are going to attack. Once we have the victim’s IP address we can carry out ARP spoofing, where the traffic from the server meant for the victim’s system is redirected to us, and we in turn forward it to the victim’s system.
arpspoof -i eth0 -t 192.168.32.149 192.168.32.2
192.168.32.149 ( IP address of the victim )
192.168.32.2 ( IP address of the gateway router )
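The ARP spoofing step above leaves two traces in the victim’s neighbour table: the gateway IP suddenly resolves to a different MAC address than before, and that MAC address is claimed by more than one IP (the attacker’s real address and the spoofed gateway entry). The following script, added here as an example and not part of the original post, parses a snapshot in the format of `ip neigh show` on Linux and flags both symptoms. The snapshot, the baseline MAC and the MAC addresses are constructed for this example; only the 192.168.32.0/24 addressing is taken from the post.

```python
"""Added example (not the original post's code): detect ARP poisoning of the gateway
from the victim's own neighbour table.

Two symptoms are checked:
  1. the gateway's MAC address differs from a known-good baseline, and
  2. one MAC address is claimed by more than one IP address.
"""
import re
from collections import defaultdict

# Constructed snapshot of `ip neigh show` taken on the victim after the attack.
# The addresses reuse the post's 192.168.32.0/24 lab network; MACs are made up.
NEIGH_SNAPSHOT = """\
192.168.32.2 dev eth0 lladdr aa:bb:cc:00:00:99 REACHABLE
192.168.32.130 dev eth0 lladdr aa:bb:cc:00:00:99 STALE
192.168.32.150 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.32.7 dev eth0 FAILED
"""

# Gateway MAC recorded while the network was clean (hypothetical value).
BASELINE = {"192.168.32.2": "aa:bb:cc:00:00:01"}

# One `ip neigh` line with a resolved hardware address: ip, device, MAC, state.
NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-f:]{17}) (\S+)$", re.I)


def parse_neigh(text):
    """Return {ip: mac} from `ip neigh show` output.

    Entries with no lladdr (e.g. FAILED) carry no MAC and are skipped.
    """
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            ip, _dev, mac, _state = m.groups()
            table[ip] = mac.lower()
    return table


def find_arp_anomalies(table, baseline):
    """Return a list of (kind, detail) findings; an empty list means nothing suspicious."""
    findings = []
    # Symptom 1: a baselined host (the gateway) now answers with a different MAC.
    for ip, expected in baseline.items():
        seen = table.get(ip)
        if seen and seen != expected.lower():
            findings.append(("gateway_mac_changed",
                             f"{ip}: expected {expected}, now {seen}"))
    # Symptom 2: the same MAC is claimed by several IPs.
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("duplicate_mac",
                             f"{mac} claimed by {', '.join(sorted(ips))}"))
    return findings


if __name__ == "__main__":
    for kind, detail in find_arp_anomalies(parse_neigh(NEIGH_SNAPSHOT), BASELINE):
        print(f"[{kind}] {detail}")
```

Run periodically against the live neighbour table, the baseline check catches the moment the gateway entry is overwritten, and the duplicate-MAC check catches it even without a baseline, because the attacker’s own entry and the spoofed gateway entry share one hardware address.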
As soon as we run this command, the victim’s traffic is redirected to us. At the same time we need to open a new terminal and type in the following command.
sslstrip -l 8080
This converts https websites into http and starts a listener on port 8080.
We are ready to go: whenever the victim opens their browser (Internet Explorer) and browses the internet, the traffic will be redirected to us.
It is now that the trick begins: as soon as the victim visits an https website, the website is automatically converted into an http website.
This is a huge threat, because as soon as the website becomes an http website the traffic is no longer encrypted and all data is transferred in plain text. Because we have already set up a listener on our Kali machine, we can catch all the traffic on our machine and then figure out the login credentials of the victim.
The example below shows the victim visiting Facebook: the site is still served over http and SSL encryption is missing from the page.
What the catch!
After a few minutes or hours with the listener up, we can find the captured details by typing in the following
This lets us find every login credential the user may have used to log in to the respective websites. The best thing about this whole process is that the user might not even realise that the traffic is compromised, as long as they don’t check the URL.
So, the thing we need to understand is that these attacks can very well take place without the victim ever realising that they have been hacked.
As a precaution, DO NOT USE INTERNET EXPLORER; browsers like Firefox encrypt the traffic and the attacker won’t be able to decrypt it to figure out what it actually means.
Use add-ons like “HTTPS Everywhere”, which informs you every time you visit a website whether the website is using a secure SSL connection or not.
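The add-on above protects the user’s side; the site owner can also close the gap the attack relies on. Stripping only works because the victim’s first request goes out as plain http:// and the site is reachable over HTTP at least once. A site defends itself by answering every plain-HTTP request with a redirect to https:// and by sending a Strict-Transport-Security (HSTS) header on the HTTPS response, which tells supporting browsers to refuse plain HTTP for that host from then on. The script below, added here as an example and not part of the original post, checks both conditions on raw HTTP responses; it goes beyond the post’s browser-side advice to the server-side mitigation. The responses and the host name www.example.test are constructed for this example.

```python
"""Added example (not the original post's code): check a site's two server-side
defences against SSL stripping on raw HTTP responses.

  1. A plain-HTTP request must be answered with a redirect to https://.
  2. The HTTPS response must carry Strict-Transport-Security with a max-age of at
     least one year (includeSubDomains is reported as a recommendation).
"""

ONE_YEAR = 31536000  # seconds; the usual minimum recommended for HSTS max-age

# Constructed responses from a site with neither defence in place.
WEAK_HTTP = """\
HTTP/1.1 200 OK
Content-Type: text/html

<html><form action="http://www.example.test/login" method="post"></form></html>
"""
WEAK_HTTPS = """\
HTTP/1.1 200 OK
Content-Type: text/html

<html><form action="https://www.example.test/login" method="post"></form></html>
"""

# Constructed responses from a site with both defences in place.
GOOD_HTTP = """\
HTTP/1.1 301 Moved Permanently
Location: https://www.example.test/
Content-Length: 0

"""
GOOD_HTTPS = """\
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/html

<html><form action="https://www.example.test/login" method="post"></form></html>
"""


def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status code, {lowercased header: value}, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def parse_hsts(value):
    """Return (max_age or None, includeSubDomains flag) from an HSTS header value."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        d = directive.strip()
        if d.lower().startswith("max-age="):
            try:
                max_age = int(d.split("=", 1)[1].strip().strip('"'))
            except ValueError:
                pass  # malformed max-age is treated as absent
        elif d.lower() == "includesubdomains":
            include_sub = True
    return max_age, include_sub


def assess(http_raw, https_raw):
    """Return a list of findings; an empty list means both defences look in place."""
    findings = []
    status, headers, _ = parse_response(http_raw)
    location = headers.get("location", "")
    if not (300 <= status < 400 and location.lower().startswith("https://")):
        findings.append("plain-HTTP request is served content instead of a redirect to https://")
    _, headers, _ = parse_response(https_raw)
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("no Strict-Transport-Security header on the HTTPS response")
    else:
        max_age, include_sub = parse_hsts(hsts)
        if max_age is None or max_age < ONE_YEAR:
            findings.append(f"HSTS max-age {max_age} is shorter than one year")
        if not include_sub:
            findings.append("HSTS lacks includeSubDomains (recommended)")
    return findings


if __name__ == "__main__":
    for label, pair in (("weak", (WEAK_HTTP, WEAK_HTTPS)), ("good", (GOOD_HTTP, GOOD_HTTPS))):
        print(label, assess(*pair) or ["ok"])
```

HSTS only helps once the browser has seen the header over a genuine HTTPS connection, so the redirect is what gets a first-time visitor there; the header then protects every later visit for the duration of max-age.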
P.S. Please do visit this link for better understanding JackkTutorials SSL Strip
Twitter : twitter.com/aditya12anand
LinkedIn : linkedin.com/in/aditya12anand/
E-mail : [email protected]