Performing Man in the Middle attack with sslstrip and Ettercap

In this tutorial we will address the type of attack known as Man in the Middle. This test “poison” the ARP table of the victim, causing the attacker machine – our machine – to pass through the router, so that we can intercept the traffic and have access to sensitive data exchanged between the two actors.

The exploration of ARP Poisoning is the fastest method to establish the means of communication between two machines and intercepting information sent between them, causing them to have access to confidential data, passwords, and traffic reports. This method applies only to Ethernet networks ie this type of communication can be summed up in internal networks, be they business, residential or even that free wifi in the food court of the Mall or coffee you like to attend.

1. Environment

In this example will be part of three actors: – attacking machine with Debian 8 Jessie – Victim with Windows 8.1, which can be any other OS, Windows, Linux or OSX – Router as Gateway

2. Preparing the attack.

In this example we need to stay with 3 open ends.
Open the first terminal. Now let’s activate packet redirection.

# echo 1 > /proc/sys/net/ipv4/ip_forward

Now let’s make all the redirection of packets that arrive on port 80 of our machine to port 7777

# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 7777

Now let’s activate Arpspoof to confuse the ARP table of the victim, the syntax is as follows:


In our case, as I am making the attack a wireless interface syntax would be

# arpspoof -i wlan0 -t


We’ll leave this open terminal infecting the ARP table of the victim. Let’s open another terminal and put the sslstrip to listen on port 7777

Open another terminal and as root, type:

# sslstrip -l 7777

Now we put the sslstrip to go into listening mode and hear all that get in the door 7777
Open the third terminal and as root, type:

# ettercap -Tq -i wlan0

The ettercap is a powerful network sniffer, is it going to show us all to go through the board wlan0 of our machine. Now the victim machine is fully guarded and interceptaremos every package you send it to the gateway.

Now we wait for the host to access any website and fill out a form. Recalling that the Ettercap and sslstrip will capture everything, not just passwords.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s