«

»

Print this Post

sslstrip

This tool provides a demonstration of the HTTPS stripping attacks that I presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial. For more information on the attack, see the video from the presentation below.

Requirements

  • Python >= 2.5 (apt-get install python)
  • The python “twisted-web” module (apt-get install python-twisted-web)

http://www.thoughtcrime.org/software/sslstrip/

Permanent link to this article: http://www.darknessgate.com/2015/03/15/sslstrip/