0

Haven't done much w/ networking, but at the moment I have two virtual machines (the attacker is kali and victim is ubuntu) with a host Windows 10 machine. Now, I'm trying to test SSLStrip. Normally, it looks like I would use arpspoof to get the 'attacking' VM in the middle of the connection between the 'victim' VM and the rest of the network, but this would subvert the entire network I'm on. Instead, I'd like to specifically tell my machine to route all packets to the attacking VM. The attacking VM would then do it's normal stuff like forward the traffic on port 80 to 8080 or whatever SSLStrip is set up on. Could someone point me in the right direction for the above?

Edit: What I've tried so far:

First I have my kali vm using a NAT adapter and bridged adapter. My ubuntu vm is just using bridged.

Enabled port forwarding on the kali machine:

echo "1" > /proc/sys/net/ipv4/ip_forward

Set up the routing:

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

Run sslstrip using: 

./sslstrip.py -a -l 8080

Now on my Ubuntu machine, I opened up firefox, go to advanced settings, then network, and changed proxy to "manaul proxy configuration. I changed the HTTP Proxy: to my kali machine's ip address which is:

inet addr: 192.168.0.102

and the port to

8080

which is the port stuff is getting redirected to for sslstrip. After doing this, I tried a few websites on ubuntu, and it just gets stuck on "connecting". Nothing shows up in the sslstrip log either.

Improve this question

1 Answer 1

Reset to default
0

Using arpspoof

If you set both virtual boxes to "bridged networking", arpspoof should work like on seperate hosts.

Using kali as router

You can enable NAT on your kali host (assuming the boxes are bridged)

echo 1 > /proc/sys/net/ipv4/ip_forward

Then you set your kali host as default gateway. Now all internet traffic should go through the kali machine, but usual network access should work like usual.

Using sslstrip as proxy

There is also a way to just set sslstrip as your browser's proxy, so only http/https traffic will ne affected.

Improve this answer
8
  • Hmm, that idea worked but, what if I specifically didn't want to use arpspoof?
    – pfinferno
    Commented Nov 7, 2015 at 19:23
  • There are 3 ways it this answer. What do you mean?
    – davidbaumann
    Commented Nov 8, 2015 at 9:11
  • Sorry was viewing this on my phone and didn't see the other two steps. I would like to use the second step. Now, are you considering my victim kali machine the host, or the attacking kali machine? I'm not sure how to set one of those as the default gateway.
    – pfinferno
    Commented Nov 8, 2015 at 17:44
  • The closest thing I had was the attacking machine w/ a NAT and bridged adapter, and the victim just bridged. I set the IP address of the victim as the gateway of the attacker, but when going to web pages nothing happened and sslstrip did not log anything.
    – pfinferno
    Commented Nov 8, 2015 at 17:45
  • I also tried the third step you listed which seems like it would be the easiest, by setting the proxy settings on my victim machine to the ip address and port 8080 of the attacking machine. That didn't seem to work.
    – pfinferno
    Commented Nov 8, 2015 at 18:01

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .