
I watched a video on YouTube about using SSLstrip after conducting a MITM using arpspoof. The video, unfortunately, didn't provide any information about how it works. During the video, the guy typed

```
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
```

and then to put SSLstrip to listen on port 10000

```
sslstrip -k -l 10000
```

What I understood after reading the manual page of iptables is that the command redirects any incoming TCP traffic on port 80 to 10000 to feed it to SSLstrip and then SSLstrip removes the security out of HTTPS. (Please correct me if I'm wrong.)

My question is why do we redirect packets of port 80 and not port 443? HTTPS, as far as I know, works on port 443.

Edit: I've already read How does SSLstrip work? and it explains nothing about my problem. So, I believe, that my question should not be considered duplicate.

7_R3X
  • While it might not look like a duplicate in the first place it actually is. The real problem is that you currently have the wrong idea of how SSLStrip works. Once you've understood how SSLStrip works you will also understand why port 80 is redirected and not port 443. – Steffen Ullrich Oct 31 '16 at 14:39
  • If SSLStrip were to communicate with the browser on HTTPS (port 443), then the browser would immediately detect the MiTM attack. SSLStrip works by stripping out any `https://` links from an HTTP (port 80) connection. – 700 Software Oct 31 '16 at 14:39
  • I think that @Steffen is correct to mark this as duplicate. If you read the question (I know you said you did), you quickly discover that SSLStrip does not communicates with the browser on HTTP, and the server on HTTPS. If you had acknowledged understanding of that key detail, you could ask a followup question and that might not be considered duplicate. – 700 Software Oct 31 '16 at 15:02
  • In short: sslstrip changes https:// links inside http (port 80) traffic to http:// links. It does not intercept https (port 443) at all, i.e. it does not do a man in the middle attack against SSL which would be needed when intercepting SSL. – Steffen Ullrich Oct 31 '16 at 15:10
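
The link rewriting described in the comments above, seen from the defender's side: an added example (not part of the original thread) that compares a copy of a page fetched over a trusted path with the copy received on a suspect network and reports links whose scheme changed from https to http. The function names and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "src", "action"}  # attributes that carry navigable URLs


class _UrlCollector(HTMLParser):
    """Collect absolute http(s) URLs from link-bearing attributes."""

    def __init__(self):
        super().__init__()
        self.urls = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                parts = urlsplit(value.strip())
                if parts.scheme in ("http", "https") and parts.netloc:
                    self.urls.add(parts)


def collect_urls(html):
    collector = _UrlCollector()
    collector.feed(html)
    collector.close()
    return collector.urls


def _key(parts):
    # Identity of a link with scheme and port ignored, so that
    # https://host/path and http://host/path compare equal.
    return ((parts.hostname or "").lower(), parts.path or "/", parts.query)


def find_downgraded_links(reference_html, observed_html):
    """Return observed http:// URLs that the reference copy serves as https://."""
    secure = {_key(p) for p in collect_urls(reference_html) if p.scheme == "https"}
    return sorted(
        p.geturl()
        for p in collect_urls(observed_html)
        if p.scheme == "http" and _key(p) in secure
    )


# Constructed sample: the same page as fetched over a trusted path and as
# received on the network under test. The logo is plain HTTP in both copies.
REFERENCE = ('<a href="https://example.com/login">Sign in</a>'
             '<form action="https://example.com/session" method="post"></form>'
             '<img src="http://static.example.com/logo.png">')
OBSERVED = REFERENCE.replace("https://", "http://")
```

Links that are plain HTTP in both copies are not reported, so only a change relative to the trusted copy counts as a downgrade.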

0 Answers