Sslstrip kali linux установка

How to Use the SSLstrip Tool for HTTPS Downgrading Attacks in Kali Linux

SSLstrip is a tool used for HTTPS downgrading attacks in Kali Linux. To install SSLstrip, open a terminal window and type the following command: sudo apt-get install sslstrip . This will install the SSLstrip package on your system. Once the installation is complete, you can start using SSLstrip. To do this, you will need to set up a network, configure IP forwarding, start SSLstrip, set up a proxy, monitor the traffic, and stop SSLstrip.

Set Up a Network

In order to use the SSLstrip tool for HTTPS downgrading attacks in Kali Linux, you must first set up a network. To do this, you will need to configure IP forwarding and set up a proxy. This tutorial will walk you through the steps necessary to set up a network for use with SSLstrip.

First, you will need to install SSLstrip. To do this, open a terminal window and type the following command: sudo apt-get install sslstrip . This will install the SSLstrip tool on your system.

Next, you will need to configure IP forwarding. To do this, type the following command in the terminal window: sudo sysctl -w net.ipv4.ip_forward=1 . This will enable IP forwarding on your system.

Once IP forwarding is enabled, you will need to set up a proxy. To do this, type the following command in the terminal window: sudo iptables -t nat -A PREROUTING -p tcp —destination-port 80 -j REDIRECT —to-port 10000 . This will set up a proxy on port 10000.

Now that you have installed SSLstrip and set up a network, you can start SSLstrip. To do this, type the following command in the terminal window: sudo sslstrip -l 10000 . This will start SSLstrip on port 10000.

Once SSLstrip is running, you can monitor the traffic. To do this, type the following command in the terminal window: sudo tcpdump -i eth0 -s 0 -w sslstrip.log . This will capture all the traffic and save it to a log file.

When you are done monitoring the traffic, you can stop SSLstrip. To do this, type the following command in the terminal window: sudo killall sslstrip . This will stop SSLstrip and close the log file.

By following these steps, you can use the SSLstrip tool for HTTPS downgrading attacks in Kali Linux. Make sure to always monitor the traffic and stop SSLstrip when you are done.

Configure IP Forwarding

In order to use SSLstrip, you must configure IP forwarding on your Kali Linux machine. This will allow the machine to forward traffic from one network interface to another. To do this, open a terminal window and type the following command:

echo 1 > /proc/sys/net/ipv4/ip_forward

This command will enable IP forwarding on your machine. You can verify that IP forwarding is enabled by typing the following command:

cat /proc/sys/net/ipv4/ip_forward

If the output is 1, then IP forwarding is enabled. If the output is 0, then IP forwarding is disabled. You can also use the Kali Linux documentation to learn more about configuring IP forwarding.

Start SSLstrip

In this step of the tutorial, we will learn how to start SSLstrip in Kali Linux. SSLstrip is a tool used to downgrade HTTPS connections to HTTP, allowing attackers to view and modify the traffic. To start SSLstrip, open a terminal window and type the following command:

Replace [port] with the port number you want to use. For example, to start SSLstrip on port 8080, type:

Once SSLstrip is running, it will start listening for incoming connections on the specified port. You can monitor the traffic by typing the following command:

This will display all the traffic that is being downgraded by SSLstrip. To stop SSLstrip, press Ctrl + C in the terminal window.

Set Up a Proxy

In order to use SSLstrip, you need to set up a proxy. This will allow you to intercept and modify the traffic between the client and the server. To set up a proxy, you will need to install a proxy server such as Squid. To install Squid, open a terminal window and type the following command:

sudo apt-get install squid

Once Squid is installed, you will need to configure it. To do this, open the Squid configuration file located at /etc/squid/squid.conf and add the following lines:

http_port 3128 acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow localnet http_access allow localhost http_access deny all http_reply_access allow all icp_access deny all visible_hostname localhost forwarded_for off coredump_dir /var/spool/squid

Once you have configured Squid, you can start it by typing the following command:

You can then check if Squid is running by typing the following command:

sudo service squid status

If Squid is running, you can now set up a proxy in your browser. To do this, open your browser’s settings and enter the IP address of your machine and the port number (3128) in the proxy settings. You can then test the proxy by visiting https://www.whatismyip.com/ and checking if the IP address displayed is the same as the IP address of your machine.

Monitor the Traffic

Once you have set up the network and configured IP forwarding, you can start monitoring the traffic. To do this, you need to use a proxy server. You can use the Privoxy proxy server, which is available for free. Once you have installed Privoxy, you can configure it to forward all traffic to the SSLstrip server. To do this, open the Privoxy configuration file and add the following line:

forward-socks5 / 127.0.0.1:10000 .

This will forward all traffic to the SSLstrip server. Once you have configured the proxy server, you can start monitoring the traffic. To do this, open a terminal window and type the following command:

tcpdump -i eth0 -w sslstrip.pcap

This will start capturing all the traffic on the network. You can then use a tool such as Wireshark to analyze the traffic. This will allow you to see what data is being sent and received on the network. You can also use the SSLstrip log file to see what data is being downgraded from HTTPS to HTTP.

Once you have finished monitoring the traffic, you can stop the SSLstrip server by typing the following command:

This will stop the SSLstrip server and all traffic will be sent over HTTPS again. You can then analyze the traffic to see what data was downgraded from HTTPS to HTTP.

Stop SSLstrip

To stop SSLstrip, open a new terminal window and type the following command: killall sslstrip . This will terminate the SSLstrip process and stop the attack. You can also use the Ctrl+C keyboard shortcut to stop the attack. After stopping the attack, you can use the iptables -t nat -F command to flush the iptables rules and restore the original network configuration.

Once you have stopped the attack, you can use the netstat -anp command to check if the SSLstrip process is still running. If it is, you can use the kill -9 command to terminate the process.

Finally, you can use the iptables -t nat -L command to check if the iptables rules are still in place. If they are, you can use the iptables -t nat -F command to flush the rules and restore the original network configuration.

Useful Links

Источник

SSLstrip (SSLStrip+)

This tool provides a demonstration of the HTTPS stripping attacks that I presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial.

How does this work?

First, arpspoof convinces a host that our MAC address is the router’s MAC address, and the target begins to send us all its network traffic. The kernel forwards everything along except for traffic destined to port 80, which it redirects to $listenPort (10000, for example).

At this point, sslstrip receives the traffic and does its magic.

SSLStrip+ Description

This is a new version of Moxie´s SSLstrip with the new feature to avoid HTTP Strict Transport Security (HSTS) protection mechanism.

This version changes HTTPS to HTTP as the original one plus the hostname at html code to avoid HSTS. Check my slides at BlackHat ASIA 2014 OFFENSIVE: EXPLOITING DNS SERVERS CHANGES for more information.

For this to work you also need a DNS server that reverse the changes made by the proxy, you can find it at https://github.com/LeonardoNve/dns2proxy.

SSLstrip Help

Usage: sslstrip Options: -w , --write= Specify file to log to (optional). -p , --post Log only SSL POSTs. (default) -s , --ssl Log all SSL traffic to and from server. -a , --all Log all SSL and HTTP traffic to and from server. -l , --listen= Port to listen on (default 10000). -f , --favicon Substitute a lock favicon on secure requests. -k , --killsessions Kill sessions in progress. -h Print this help message.

SSLstrip Usage Example

Write the results to a file (-w sslstrip.log), listening on port 8080 (-l 8080):

root@kali:~# sslstrip -w sslstrip.log -l 8080

How to install SSLstrip

The program is pre-installed on Kali Linux.

SSLstrip Screenshots

The program is a command-line utility.

SSLstrip Tutorials

Источник