Let’s say you are already a Man-In-The-Middle for example based on ARP-Spoofing or a Rogue AP. Now you are sniffing the traffic, but the problem is that most of the web servers just communicate via HTTPS. Then it’s time to try SSL-Stipping.<\/p>\n
General overview:<\/strong> Example (arpspoof):<\/strong><\/p>\n
\nThe concept was introduced by Moxie Marlinspike and shown by him at the Black Hat DC 2009. Afterwards he has developed a tool which executes his concept and it’s called sslstrip.
\n
\nIf your victim requests a website via HTTP we are able to setup an HTTPS request to the web server. It’s not gonna work if the victim requests it via HTTPS. As soon as we got a response from the web server we bring all links from “https:\/\/…” to “http:\/\/…” and sending it via HTTP back to the victim.<\/p>\n
\n\r\n$ echo "1" > \/proc\/sys\/net\/ipv4\/ip_forward\r\n$ iptables -t nat -A PREROUTING -p tcp --destination-port 80\r\n -j REDIRECT --to-port <listenPort>\r\n$ sslstrip -l <listenPort>\r\n$ arpspoof -i <interface> -t <targetIP> <gatewayIP>\r\n<\/pre>\n