In this tutorial, Im going to teach you how to use sslstrip on Kali Linux. Additionally, we will simulate a target to demonstrate how sslstrip is used to capture a targets Facebook login information.\r
\r
WHAT WILL YOU LEARN IN THIS TUTORIAL?\r
\r
1) Nmap \r
\r
You will learn how to use Nmap to scan a network and discover hosts. Nmap is the tool that well use to find our target.\r
\r
2) ARPspoof\r
\r
You will learn how to use ARPspoof to redirect a devices internet traffic to your computer. ARPspoof is the tool that well use to intercept the targets HTTPS requests and login information. \r
\r
3) IPtables\r
\r
You will learn how to enable IP forwarding and create an iptables rule to forward and filter internet traffic. These are the tools that well use to redirect our targets port 8080 traffic (HTTPS traffic) to port 80 (HTTP). \r
\r
4) SSLstrip\r
\r
You will learn how to use sslstrip to observe and manipulate internet traffic. SSLstrip is the tool that well use to convert our targets HTTPS requests into HTTP requests. It will also be used to capture our targets HTTP POST data (i.e. usernames and passwords). \r
\r
NOTE: It is illegal to perform this attack unless you have explicit permission from the target. The information presented in this video is for educational purposes only and should not be used outside of a secure test platform.
\r
WHAT WILL YOU LEARN IN THIS TUTORIAL?\r
\r
1) Nmap \r
\r
You will learn how to use Nmap to scan a network and discover hosts. Nmap is the tool that well use to find our target.\r
\r
2) ARPspoof\r
\r
You will learn how to use ARPspoof to redirect a devices internet traffic to your computer. ARPspoof is the tool that well use to intercept the targets HTTPS requests and login information. \r
\r
3) IPtables\r
\r
You will learn how to enable IP forwarding and create an iptables rule to forward and filter internet traffic. These are the tools that well use to redirect our targets port 8080 traffic (HTTPS traffic) to port 80 (HTTP). \r
\r
4) SSLstrip\r
\r
You will learn how to use sslstrip to observe and manipulate internet traffic. SSLstrip is the tool that well use to convert our targets HTTPS requests into HTTP requests. It will also be used to capture our targets HTTP POST data (i.e. usernames and passwords). \r
\r
NOTE: It is illegal to perform this attack unless you have explicit permission from the target. The information presented in this video is for educational purposes only and should not be used outside of a secure test platform.
Category
📺
TV