SSL Stripping

There are two ways to handle HTTPS requests from your target victim.  The first is to simply do a man-in-the-middle attack such as ARP Spoof and DNS Spoof and hope that they don’t care when they see a warning for an invalid certificate.  The other way is to simply strip off the secure portion of their request and make it a ‘plain text’ request which is not secure.  By stripping the secure portion of the request, you take the chance of the target victim realizing that they’re not secure… but that’s better than them not accepting a bogus certificate.  So the choice is yours according to your strategy.

In order to use the SSL Strip technique, you will need to send any traffic from Port 80 (default web port) to whatever port you decide to have SSL Strip listening to.  IPtables will do this for you:
# iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-port <listening_port>

With IPtables doing it’s job, all traffic on port 80 will be directed to whatever port you set SSL Strip to listen to.
$ sslstrip -l 1234 (that’s an el)
With the results, you can check out any traffic with a packet monitor to see if you can capture user names and passwords.


Scroll to top