Aamir Lakhani wrote an overview of how to perform an SSL strip attack. The original post can be found HERE
Before beginning the lab, make sure you have the Backtrack 5 R3 VM imported into VMware Player/Workstation/Server/Fusion, or whatever virtual machine environment you have chosen to use.
The following is an excerpt from the “Getting started with VMware Player” section of the VMware Player 4.0 user guide.
Import an Open Virtualization Format Virtual Machine
You can import an Open Virtualization Format (OVF) virtual machine and run it in Player. Player converts the virtual machine from OVF format to VMware runtime (.vmx) format. You can import both .ovf and .ova files.
OVF is a platform-independent, efficient, extensible, and open packaging and distribution format for virtual machines. For example, you can import OVF virtual machines exported from VMware Fusion into Player. You can import OVF 1.0 and later files only.
You can also use the standalone OVF Tool to convert an OVF virtual machine to VMware runtime format. The standalone version of the OVF Tool is installed in the Player installation directory under OVFTool. See the OVF Tool User Guide on the VMware Web site for information on using the OVF Tool.
- In Player, select File > Open a Virtual Machine.
- Browse to the .ovf or .ova file and click Open.
- Type a name for the virtual machine, type or browse to the directory for the virtual machine files, and click Import. Player performs OVF specification conformance and virtual hardware compliance checks. A status bar indicates the progress of the import process.
- If the import fails, click Retry to try again, or click Cancel to cancel the import.
If you retry the import, Player relaxes the OVF specification conformance and virtual hardware compliance checks and you might not be able to use the virtual machine in Player.
After Player successfully imports the OVF virtual machine, the virtual machine appears in the virtual machine library.
In this lab we are using virtual machine based attack hosts running Backtrack 5 R3 (a Linux distribution based on Ubuntu). Backtrack is used because all of the tools and their dependencies for this lab are preloaded with the distribution. The dependencies for SSLStrip are (already installed on Backtrack):
- Python >= 2.5 (apt-get install python)
- The python “twisted-web” module (apt-get install python-twisted-web)
Additionally, to use SSLStrip you need (again, already in Backtrack):
- Arpspoof or Ettercap (this lab uses Arpspoof; Ettercap has issues with wireless)
- iptables (or ipchains on older kernels)
Additionally, when using Backtrack or any Ubuntu derived distribution, it is a good idea to run apt to update the existing packages. Backtrack has its own package repositories preconfigured, so the standard apt commands work as expected.
#Use this command to update: apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y
Once your Backtrack virtual machine is installed and booted, log in with the default Backtrack credentials (username root, password toor):
Start the desktop environment by issuing the startx command from the terminal session:
Note: It is not mandatory to use a GUI desktop, but for the purposes of this lab it is recommended. Those less familiar with working in a Linux command shell will find it simpler to switch between the multiple terminal windows needed for the upcoming operations.
You should now see an environment similar to the following:
For the purposes of this lab we will only be using a single interface, but your virtual machine might be configured with multiple Ethernet interfaces, so we need to check whether more than one (virtual) Ethernet interface is enabled.
In the upper left hand corner of the desktop click on the Xterm link.
When you see a terminal window open on the desktop, you are ready to continue.
- Use ifconfig to determine what interfaces are on the virtual machine:
ifconfig | grep eth
This command filters out the rest of the output and shows only the Ethernet interface lines, like below. Note that ifconfig without -a lists only interfaces that are currently up; use ifconfig -a | grep eth if you also want to see interfaces that are present but down.
If we do indeed have more than one interface enabled, issue the ifdown command with the interface name to disable it. If there is an interface named eth1 as shown above, issue the command:
ifdown eth1
If ifdown complains that the interface is not configured (it only knows about interfaces listed in /etc/network/interfaces), use ifconfig eth1 down instead. The output should be like what is shown below.
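As an added example (not part of the original post), here is a small shell script that performs the interface check from the steps above without relying on reading the ifconfig output by eye: it parses ifconfig text, lists the Ethernet interfaces, and brings down every one except the interface you want to keep. The ifconfig output embedded in it is constructed to look like Backtrack 5 R3's net-tools output; on the VM you would feed it the real ifconfig -a output. The function names (eth_interfaces, extra_interfaces, disable_extra_interfaces) and the DRY_RUN switch are this example's own.

```shell
#!/bin/sh
# Added example: find the Ethernet interfaces on the attack VM and bring down
# all but one. Function names and DRY_RUN are this example's own; they are not
# from the original post or from Backtrack.

# Constructed sample in the style of Backtrack 5 R3's net-tools ifconfig output
# (two Ethernet interfaces plus loopback). On the real VM, replace it with:
#   SAMPLE_IFCONFIG="$(ifconfig -a)"    # -a also lists interfaces that are down
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:0c:29:aa:bb:cc
          inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:0c:29:aa:bb:dd
          inet addr:192.168.2.10  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
'

# Read ifconfig text on stdin and print the Ethernet interface names, one per
# line. The name is column 1 of the header line of each interface block, so
# the lo block and the indented detail lines are skipped.
eth_interfaces() {
    awk '/^eth[0-9]+ /{ print $1 }'
}

# Read ifconfig text on stdin and print every Ethernet interface except $1.
extra_interfaces() {
    awk -v keep="$1" '/^eth[0-9]+ /{ if ($1 != keep) print $1 }'
}

# Bring down every Ethernet interface except $1, using the ifconfig text in $2.
# With DRY_RUN=1 (the default) the commands are only printed, so you can check
# them before touching the VM's network; run as root with DRY_RUN=0 to apply.
# ifconfig <if> down is used rather than ifdown because ifdown refuses
# interfaces that are not defined in /etc/network/interfaces.
disable_extra_interfaces() {
    keep="$1"
    text="$2"
    printf '%s\n' "$text" | extra_interfaces "$keep" | while read -r iface; do
        if [ "${DRY_RUN:-1}" = "1" ]; then
            echo "ifconfig $iface down"
        else
            ifconfig "$iface" down
        fi
    done
}

# Stand-alone run: show what would be disabled when we keep eth0.
disable_extra_interfaces eth0 "$SAMPLE_IFCONFIG"
```

With the constructed sample, keeping eth0 prints a single ifconfig eth1 down line; with only one Ethernet interface present it prints nothing, which is the state the lab wants before moving on to arpspoof.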