I'm currently working on a MITM + sslstrip attack educational talk to create awareness of the importance of checking certificates, especially when connected to public WiFi, and of having strong WiFi passwords to prevent unwanted third parties from getting in.
I'm working with VirtualBox, Kali Linux and an external WiFi network interface.
I'm currently executing:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 7777
arpspoof -i wlan0 -t VICTIM_IP -r ROUTER_IP
sslstrip -l 7777
My victim machine is my own Mac computer. sslstrip works partially, meaning that when I attempt to get into a site through Google Chrome/Safari that does not implement HSTS, the website loads with ugly formatting. First question: why is this happening? I cannot figure this out. Second issue: when clicking on the button to go to the login page, sslstrip stops working and the page does not load at all; I'm also not understanding what I'm doing wrong.
Extra information:
I'm deleting all cookies and history from the browsers to avoid cache issues with sites.
I appreciate any guidance since I'm new to the cybersecurity field.
UPDATE: I was using sslstrip+ and hence there was some problem behind it. Using sslstrip did the job. Still, the site I was using as an example did not have HSTS for domain.com but did for www.domain.com, so on the first website I visited, which had its login on the homepage, I was able to capture credentials, but a second site with the same issue had a login button and hence did a redirect through www.domain.com, and there was HSTS for that subdomain. My next learning step was deleting HSTS policies, because my understanding is that sslstrip is successful if it is the client's first time visiting the domain and it strips the HSTS header, but I wasn't successful, so I'm still trying to understand that edge case.
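The HSTS scoping edge case in the update (a policy on www.domain.com does not protect the bare domain.com, while a policy on the apex with includeSubDomains protects both) can be checked from the header alone. The following is an added example, not the poster's code, using constructed header values and the placeholder hostnames example.test / www.example.test; it applies the RFC 6797 matching rules to decide which hostnames a given Strict-Transport-Security policy covers.

```python
"""Which hostnames does a stored HSTS policy actually protect?

Added illustration (not the original poster's code). A browser stores the
Strict-Transport-Security policy against the host it was received from and,
per RFC 6797, applies it to that exact host, and to subdomains only when the
includeSubDomains directive is present. The header values and hostnames below
are constructed samples, not real sites.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class HstsPolicy:
    host: str               # host the policy was learned from (lowercased)
    max_age: int            # seconds; 0 tells the browser to forget the host
    include_subdomains: bool


def parse_hsts(host: str, header_value: str) -> Optional[HstsPolicy]:
    """Parse an STS header value; return None if it is invalid (no max-age)."""
    max_age = None
    include_sub = False
    for directive in header_value.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            value = value.strip().strip('"')
            if not value.isdigit():
                return None          # malformed max-age: browsers ignore the header
            max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        return None                  # max-age is mandatory
    return HstsPolicy(host.lower(), max_age, include_sub)


def covers(policy: HstsPolicy, hostname: str) -> bool:
    """True if a browser holding `policy` would force HTTPS for `hostname`."""
    if policy.max_age == 0:
        return False
    hostname = hostname.lower()
    if hostname == policy.host:
        return True
    return policy.include_subdomains and hostname.endswith("." + policy.host)


# Constructed samples: the case from the update (HSTS only on www) versus
# an apex policy with includeSubDomains.
WWW_ONLY = parse_hsts("www.example.test", "max-age=31536000")
APEX_WITH_SUBS = parse_hsts("example.test", "max-age=31536000; includeSubDomains")
```

With WWW_ONLY, a plain-HTTP request to example.test is still possible because the browser has no policy for that host; with APEX_WITH_SUBS both hostnames are upgraded.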