In this tutorial, I’m going to teach you how to use sslstrip on Kali Linux. Additionally, we will simulate a target to demonstrate how sslstrip is used to capture a target’s Facebook login information.
WHAT WILL YOU LEARN IN THIS TUTORIAL?
1) Nmap
You will learn how to use Nmap to scan a network and discover hosts. Nmap is the tool that we’ll use to find our target.
2) ARPspoof
You will learn how to use ARPspoof to redirect a device’s internet traffic to your computer. ARPspoof is the tool that we’ll use to intercept the target’s HTTPS requests and login information.
3) IPtables
You will learn how to enable IP forwarding and create an iptables rule to forward and filter internet traffic. These are the tools that we’ll use to redirect our target’s port 8080 traffic (HTTPS traffic) to port 80 (HTTP).
4) SSLstrip
You will learn how to use sslstrip to observe and manipulate internet traffic. SSLstrip is the tool that we’ll use to convert our target’s HTTPS requests into HTTP requests. It will also be used to capture our target’s HTTP POST data (i.e. usernames and passwords).
NOTE: It is illegal to perform this attack unless you have explicit permission from the target. The information presented in this video is for educational purposes only and should not be used outside of a secure test platform.
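Seen from the defender's side, the ARP redirection described in item 2 usually leaves a trace on the affected host: the gateway's IP address resolves to a MAC address that another host on the LAN also uses. The Python example below is added here and is not part of the original tutorial. It parses `ip neigh show` output and flags that condition; the sample table, the addresses and the pinned gateway MAC are all constructed.

```python
import re
from collections import defaultdict

# Constructed `ip neigh show` output from a hypothetical host on 192.168.0.0/24.
# The gateway (192.168.0.1) and 192.168.0.9 resolve to the same MAC address.
SAMPLE_NEIGH = """\
192.168.0.1 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.0.7 dev eth0 lladdr 52:54:00:12:34:56 STALE
192.168.0.9 dev eth0 lladdr 08:00:27:AA:BB:CC REACHABLE
192.168.0.12 dev eth0  FAILED
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+(?P<dev>\S+)\s+"
    r"lladdr\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)

def parse_neigh(text):
    """Return (ip, dev, mac) for every IPv4 neighbour entry that has a MAC."""
    entries = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            entries.append((m["ip"], m["dev"], m["mac"].lower()))
    return entries

def find_arp_conflicts(text, gateway_ip, pinned_gateway_mac=None):
    """Flag a gateway entry whose MAC changed or is shared with another IP."""
    by_mac = defaultdict(set)
    gateway = None
    for ip, dev, mac in parse_neigh(text):
        by_mac[(dev, mac)].add(ip)
        if ip == gateway_ip:
            gateway = (dev, mac)
    findings = []
    if gateway is None:
        return findings  # gateway not in the table: nothing to compare
    if pinned_gateway_mac and gateway[1] != pinned_gateway_mac.lower():
        findings.append(("gateway-mac-changed", gateway[1]))
    others = sorted(by_mac[gateway] - {gateway_ip})
    if others:
        findings.append(("gateway-mac-shared", tuple(others)))
    return findings

if __name__ == "__main__":
    # 00:11:22:33:44:55 is a constructed "known good" gateway MAC.
    for finding in find_arp_conflicts(SAMPLE_NEIGH, "192.168.0.1", "00:11:22:33:44:55"):
        print(finding)
```

On a real host, feed it the output of `ip neigh show` and pass the gateway MAC recorded while the network was known to be clean.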
Source: https://ftlinuxcourse.com
Can you attack many targets at the same time?
Well, I can't access the HTTP version protocol of Facebook, it keeps redirecting me to the HTTPS protocol! Anybody know why this happens? It worked with the HTTP version of another website but not Facebook.
How did you get that interface, please?
Can we use every Linux or only Kali?
How do I disable it now?
Thank you
When I do this, I can't connect to the internet in the victim
I know this video is 5 years old but I followed everything you did and when I put cat sslstrip.log into the terminal nothing showed up.
Small request to everyone… arpspoof is nice… but mitmf is awesome, use mitmf instead of arpspoof
You really need to explain what each argument to each command ACTUALLY does – not just show them for people to enter them w/o understanding them
Most websites don't enable HTTP, so how's this supposed to work?
Was this possible before HSTS?
Oh my god, can't believe how easy it is. Thanks mate! Just ran it on 2 VMs, 1 with Kali and the other with Windows 7. Would love to have a job white hat hacking and pen testing lol
Can you tell me about your Kali skin?
Thank you my friend, it has been useful even in 2018
Much love from Canada, Quebec!
This method no longer works for 2018… Have there been any adjustments to the process?
Your diagram is wrong. That is not how MITM or SSLStrip attack is done.
What theme do you use? It's very beautiful.
well explained
Wait… You spoofed the arp table from 192.168.0.7 saying that you were the gateway… ok, but, you would have to do the same thing against the router, saying to it that you were 192.168.0.7 to get full intercepting, right? But you didn't do this because only the sending from victim was important, so half intercepting was enough, am I right?
Please tell me how you found the target IP address?
Hey brother, which system are you using there? The interface is awesome.
My victim PC is not able to use the internet. Address not valid in IE. Neither can I ping.
Can you please tell me... Is it possible to run these commands on CentOS?
Doesn't work anymore indeed, it has been fixed on Internet Explorer as well
omg love u man!!!!!!!
I tried on my network and it does not work
How do you connect to your target's network? I'm having trouble understanding what you mean
Facebook doesn't have HTTP anymore
Where are the ports? How do I get the right port to use? I want to test if it works with an iPhone, but people use different ports, so which one do I use? Someone used 4444, this video uses 8080
sslstrip doesn't work
Wait. Is it possible to be traced when doing this attack?
your kali linux wallpaper….
looks like the doctor's name…
Hey, how did you change your theme in your Kali Linux?
I have an error with sslstrip..
Doubt: is the target also in the same network? Please tell
Very good lesson! Thank you very much!
Hey, are you using a fresh Kali Linux or a live CD, like on VirtualBox or VMware?
If VB, I can't see my wlan1 interface, please help
;S
Will this work when the victim is not connected to the router? Please comment
When I type echo 1 > /proc … that command, it says something about no such path or location? And I look in that folder, the ip_forward leafpad file had no writing inside it, is that why? >> idk what's wrong
Are all the steps the same if I want to use it on the same network? Did you port forward?
It doesn't work 🙁
Thanks for the video. Really nice tutorial however, I have a simple question regarding the part where you entered the port numbers. Are the port numbers always going to be that?? or do we have to enter a different port number in any situation where we have to change them? Basically are the port numbers constant or variable? Thanks in advance. 🙂
Your network diagram is wrong – it's the other way around. Anyhow, nowadays HSTS mostly prevents this type of attack.
Thanks… and I wanna know if cellphone apps can be sniffed the same?! Or are they all encrypted?
Does it work for another SSL site than Facebook?