SSL Stripping

What is SSL Stripping

When conducting a MitM attack, a lot of information cannot be read even though it passes through you, because the traffic is encrypted using SSL/TLS.

SSL Stripping is an SSL downgrade attack: you terminate the HTTPS connection with the server yourself and forward the traffic to the client in plain HTTP. This way, the SSL connection actually exists only between you and the server, and the client believes that the server communicates with them using HTTP.

Enable IP forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

Bettercap can do both the ARP poisoning attack and the SSL stripping attack with this command:

bettercap -G $GATEWAY_IP -T $TARGET_IP --proxy-https

HTTP Strict Transport Security

HTTP Strict Transport Security (HSTS) is a policy mechanism by which a site tells the browser to only ever connect to it over HTTPS; the browser stores that policy per domain and enforces it on later requests, which prevents the downgrade above.

To bypass HSTS, we also need to start a DNS server.

When we intercept an HTTPS request, we slightly change the domain name in a way that isn’t obvious (facebook.com becomes faecbook.com). We then act as a MitM DNS server, but we modify the domain name in the communications with the machine. When the machine’s browser looks at its HSTS table, it does not see any entry for the modified domain and agrees to communicate with us via HTTP.
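The HSTS table lookup described above, as an added example that is not part of the original page: a parser for the Strict-Transport-Security header plus a function modelling the browser's per-domain check, run on a constructed header value. It shows why a hostname with no stored entry (the altered domain) is not forced to HTTPS, and what the includeSubDomains and max-age directives change on the defending side.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class HstsPolicy:
    """One entry of a browser's HSTS table (host -> policy)."""
    host: str
    max_age: int
    include_subdomains: bool
    preload: bool


def parse_hsts(host: str, header: str) -> Optional[HstsPolicy]:
    """Parse a Strict-Transport-Security header value received over HTTPS from `host`.

    Returns None when the header is unusable (no max-age): the browser stores
    no policy, which is the same state an unknown host is in.
    """
    max_age, include_subdomains, preload = None, False, False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "max-age" and value.isdigit():
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    if max_age is None:
        return None
    return HstsPolicy(host.lower(), max_age, include_subdomains, preload)


def hsts_forces_https(table: List[HstsPolicy], requested_host: str) -> bool:
    """Model the browser's lookup: is `requested_host` covered by a stored policy?"""
    requested_host = requested_host.lower()
    for policy in table:
        if policy.max_age == 0:  # max-age=0 tells the browser to delete the entry
            continue
        if requested_host == policy.host:
            return True
        if policy.include_subdomains and requested_host.endswith("." + policy.host):
            return True
    return False


# Constructed sample header (not the site's real value), as learned from one HTTPS visit.
TABLE = [parse_hsts("facebook.com", "max-age=31536000; includeSubDomains; preload")]
```

With this table, facebook.com and www.facebook.com are forced to HTTPS, while faecbook.com has no entry and is not, which is exactly the gap the domain-altering trick relies on.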

Enable IP forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

Start the sslstrip+ attack:

python3 mitmf.py -i eth0 --spoof --arp --dns --hsts --gateway $GATEWAY_IP --targets $TARGET_IP