
SSLstrip (SSLStrip+)

SSLstrip Description

This tool provides a demonstration of the HTTPS stripping attacks that I presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial.

How does this work?

First, arpspoof convinces a host that our MAC address is the router’s MAC address, and the target begins to send us all its network traffic. The kernel forwards everything along except for traffic destined to port 80, which it redirects to $listenPort (10000, for example).

At this point, sslstrip receives the traffic and does its magic.

Homepage: http://www.thoughtcrime.org/software/sslstrip/

Author: Moxie Marlinspike

License: GPLv3

SSLStrip+ Description

This is a new version of Moxie's SSLstrip with a new feature to avoid the HTTP Strict Transport Security (HSTS) protection mechanism.

This version changes HTTPS to HTTP like the original one, plus the hostname in the HTML code to avoid HSTS. Check my slides from BlackHat ASIA 2014, OFFENSIVE: EXPLOITING DNS SERVERS CHANGES, for more information.

For this to work you also need a DNS server that reverses the changes made by the proxy; you can find it at https://github.com/LeonardoNve/dns2proxy.
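The HSTS bypass described above depends on the browser having no stored policy for the rewritten hostname. As an added example (not code from sslstrip, SSLStrip+ or dns2proxy), the following Python parses a Strict-Transport-Security header and checks whether a policy remembered for one host would still force HTTPS for a different hostname; all hostnames used are constructed.

```python
"""Check whether a stored HSTS policy covers a given hostname.

Helps assess how well a site's Strict-Transport-Security header resists
link rewriting to a look-alike hostname: only the policy host itself, and
its subdomains when includeSubDomains is set, are forced to HTTPS.
"""
import re


def parse_hsts(header: str) -> dict:
    """Parse a Strict-Transport-Security header value into its directives."""
    policy = {"max-age": 0, "includeSubDomains": False, "preload": False}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()
        if name == "max-age":
            # max-age may be quoted; anything non-numeric is ignored
            match = re.fullmatch(r'"?(\d+)"?', value.strip())
            if match:
                policy["max-age"] = int(match.group(1))
        elif name == "includesubdomains":
            policy["includeSubDomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy


def hsts_covers(policy_host: str, header: str, requested_host: str) -> bool:
    """Return True if a browser holding this policy for policy_host
    would upgrade a plain-HTTP request to requested_host."""
    policy = parse_hsts(header)
    if policy["max-age"] <= 0:
        return False  # max-age=0 clears any stored policy
    policy_host = policy_host.lower().rstrip(".")
    requested_host = requested_host.lower().rstrip(".")
    if requested_host == policy_host:
        return True
    # Subdomains are covered only with includeSubDomains, and only
    # hosts strictly below the policy host (not look-alike siblings).
    return policy["includeSubDomains"] and requested_host.endswith("." + policy_host)


if __name__ == "__main__":
    # Constructed example: policy learned on www.example.com does not
    # protect a rewritten sibling such as wwww.example.com.
    hdr = "max-age=31536000; includeSubDomains; preload"
    print(hsts_covers("www.example.com", hdr, "wwww.example.com"))  # False
    print(hsts_covers("example.com", hdr, "wwww.example.com"))      # True
```

A policy set on the bare domain with includeSubDomains (and preloaded, so it applies before the first visit) covers every hostname under it, while a policy set only on www. leaves sibling hostnames unprotected.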

Homepage: https://github.com/singe/sslstrip2/

Author: LeonardoNve

License: GPLv3

SSLstrip Help

Usage: sslstrip <options>

Options:
-w <filename>, --write=<filename> Specify file to log to (optional).
-p , --post                       Log only SSL POSTs. (default)
-s , --ssl                        Log all SSL traffic to and from server.
-a , --all                        Log all SSL and HTTP traffic to and from server.
-l <port>, --listen=<port>        Port to listen on (default 10000).
-f , --favicon                    Substitute a lock favicon on secure requests.
-k , --killsessions               Kill sessions in progress.
-h                                Print this help message.

SSLstrip Usage Example

Write the results to a file (-w sslstrip.log), listening on port 8080 (-l 8080):

root@kali:~# sslstrip -w sslstrip.log -l 8080

How to install SSLstrip

The program is pre-installed on Kali Linux.

SSLstrip Screenshots

The program is a command-line utility.
