• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.
  • FYI - Your missing Content - your only seeing non-registered Guest Information... Quickly register and sign on to see more! (Shoutbox, current activity etc, more forums)

Sslstrip Tutorial

Dec 31, 2014
So since this is off-topic, I thought, why not show some people how to do sniff on a network anonymously, if this is not appropriate on the site, I would gladly take it down if asked to, but since this is, "hacking site," why not?. But anyway, let me start with the tutorial.

I am going to try to explain this as simple as I can, since I do realize maybe not everyone here is l33t pr0 h4x0rZ here, I'm not at least, so I 'might' get some information here incorrect, please do correct me if I am wrong.
Note: I do not intend anyone to use this for illegal purposes, I do not support blackhat-hacking, I am not affiliated in that community, at all. I am only showing this for people who wants to learn, be educated on the topic of network sniffing. If this is used for malicious purposes, like stealing financial data, that is your fault, and that is your choice. So please don't go into like Starbucks with a computer and just steal random data, you are bound to be caught if you use that information illegally!

When SSLSTRIP is active on your victims machine, the sites they visit which are HTTPS will be changed to HTTP which makes them very vulnerable for being recorded by the hacker. Such as facebook, facebook is originally protected from network sniffing with HTTPS, if you go to that site now, it will be HTTPS. SSLSTRIP is very effective and strong, and almost no sites are able to block it if the hacker has performed the attack correctly.
What do you need?
Well, its simple, you need linux as your operating system, you can use Kali-Linux (highly recommended), since then you don't need to download any content. You may get Kali from www.kali.org. You also need somewhat knowledge with how to work with computers, and very little networking knowledge, knowledge such as know how to scan for computers with nmap would be good, but not required, since I'll teach that in this tutorial. Kali could be used via VMWare Workstation.
So lets start
First of all, start Kali Linux, and be sure you have network connection on kali linux, and at least have some active targets online which you can sniff. If you have that, then lets begin.

First of all, open Terminal, and lets make sure our internet protocol is port forwarded, by doing this, type the following into terminal:
echo 1 > /proc/sys/net/ipv4/ip_forward

Alright, so to make sure that you have now successfully port forwarded your internet protocol, type in the following in terminal:
cat /proc/sys/net/ipv4/ip_forward

If the text comes up with a 1, its successfully port forwarded, if 0, then no, you have not successfully done it. If you do experience issues with this, you can open a new terminal and type in the following:
apt-get install wicd

Let installment finish, then type in terminal: client-wicd, and connect, then repeat the steps.

After this, we have to configure our iptables, we can do this by typing the following into terminal:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

Now lets begin scanning for our targets, and get our specific internet protocol we wanna sniff. So lets type in the following into terminal:
nmap -sS -O <Your GATEWAY Ip>/24

If you do not know your GATEWAY IP, just type the following into terminal:
route -n

And your GATEWAY IP should appear there, and do the nmap scan with that GATEWAY IP.

Wait until the scan is finished, now when the scan is finished, all of this confusing text will appear, it will only be confusing at first, you will understand as you read it, but you will notice that there are internet protocol's displayed all over there, just simply take one and make a note of it. Now after you have chosen your specific internet protocol to sniff, lets do some arpspoofing by typing in the following, BTW, don't type the stuff that's in the parenthese, just trying to explain what the stuff stands for:
arpspoof -i(nterface) eth0 -t(arget) -r(outer/GATEWAY IP)

So an example of this is:
arpspoof -i eth0 -t 192.168.x.x -r 192.168.x.x

Now let the arpsoofing go on, and open a new terminal and enter the following to start SSLSTRIP:
sslstrip -l 8080

And then you are done, now to view the information you are/have gathering/gathered, type cat sslstrip.log into another terminal.

I do realize this is probably a little confusing for some, but tried my best, please give some criticism, and feedback.