0

I am trying to run Mitmdump and the Sslstrip2 together but they are not working together.

Whereas they're both need to listen port 80, I forwarded both applications to unic ports, like following ;

For SSLStrip preperation--> iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 9090 For Mitmdump preperation --> iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

--Then I activated both of those applications ;

#Arp poisoning is active in this proccess.

1-) python sslstrip.py -l 9090 #Set this up to 9090, because following mitmdump listeneris default of 8080.

2-) ./mitmdump --mode transparent --modify-body :~s:"":"alert("hi");"

Problem is, they work seperately, but while co-execution just one of them working. I need to be able to use mitmdump while hsts, https is hijacked successfully.

Burak Baris
  • 31
  • 5
  • Using to programs is always more complicated. Mitmproxy is capable of doing the SSL stripping on it's own which should be much easier to get it run: see for example https://github.com/phackt/mitm/blob/master/script/sslstrip.py – Robert Dec 05 '20 at 12:26
  • How can I use that code ? executing it like "python sslstrip.py" does not work – Burak Baris Dec 05 '20 at 12:59
  • 1
    use `-s` command-line option and specify the sslstrip.py file name: https://docs.mitmproxy.org/stable/#running-a-script – Robert Dec 05 '20 at 14:57

0 Answers0