I am trying to play around to understand how SSLStrip+ works by:
$ cat /proc/sys/net/ipv4/ip_forward
1
$ sudo iptables --flush
$ sudo iptables --flush -t nat
$ sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 9000
$ sudo iptables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to-port 53
$ python sslstrip.py -l 9000 -a log.txt
Then, I prepend 127.0.0.1 as a DNS server in /etc/resolv.conf
and I configure dns2proxy
and fire up:
$ echo ".fakeexample.com 192.168.1.123" >> domains.cfg
$ sudo python dns2proxy.py -i enp3s0 -u 192.168.1.123
192.168.1.123 is the target IP (also my own machine running all commands above).
Then, I fire up my browser to hit http://fakeexample.com (fakeexample.com isn't on the HSTS preload list according to hstspreload.org)
I thought sslstrip+ would pick up the traffic from the browser but according to sslstrip+'s log, it doesn't. And the browser states connection refused.
What is missing?
sslstrip, I specified -l 9000, which will make sslstrip+ listen on port 9000 (according to the help page). You mean the victim's browser (my own browser in my case) will go through the loopback interface even if it sees the IP 192.168.123 instead of 127.0.0.1? I thought loopback would be used if the IP is 127.0.0.1, no?

$ sudo iptables -t nat -I OUTPUT -p tcp -o lo --dport 80 -j REDIRECT --to-ports 9000
sslstrip+'s log still shows nothing when my browser tries to access fakeexample.com. Not sure what goes wrong.
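The rule set the question and the comments arrive at, collected into one script, as an added example that is not part of the question or of the sslstrip+ / dns2proxy projects. It assumes sslstrip+ listens on TCP 9000 and dns2proxy on UDP 53, as above, and that the browser runs on the same host; the names run, add_nat_rule_once, DRY_RUN and SSLSTRIP_PORT are this example's own. The point it separates is which nat chain a packet traverses: traffic that arrives from other hosts passes PREROUTING, while traffic the local browser generates passes only OUTPUT (so a PREROUTING-only rule set never sees it), and a packet addressed to one of the host's own addresses is routed out through lo, which is what -o lo matches. The counter helper is the check to run when the log stays empty: a REDIRECT rule whose packet counter stays at 0 is not being hit.

```shell
#!/bin/sh
# Added example (not from the question or the sslstrip+/dns2proxy projects).
# Installs the nat REDIRECT rules for testing sslstrip+ on the same host
# that runs the browser. Assumptions: sslstrip+ listens on $SSLSTRIP_PORT,
# dns2proxy listens on UDP 53, and the browser runs on this machine.
# Set DRY_RUN=1 to print the iptables commands instead of executing them.
#
# Usage (as root):  . ./redirects.sh; redirect_forwarded_traffic; redirect_local_traffic
# Dry run:          DRY_RUN=1 sh -c '. ./redirects.sh; redirect_local_traffic'

SSLSTRIP_PORT="${SSLSTRIP_PORT:-9000}"

# Execute a command, or echo it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Append a nat rule only if an identical rule is not already present
# (iptables -C exits non-zero when the rule does not exist), so the script
# can be re-run without stacking duplicate REDIRECT rules.
add_nat_rule_once() {
    chain="$1"; shift
    if [ "${DRY_RUN:-0}" = "1" ] || ! iptables -t nat -C "$chain" "$@" 2>/dev/null; then
        run iptables -t nat -A "$chain" "$@"
    fi
}

# Traffic from OTHER hosts that this box forwards (victims on the LAN):
# it enters through PREROUTING, the nat chain hit before the routing
# decision. This is the rule set from the question.
redirect_forwarded_traffic() {
    add_nat_rule_once PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports "$SSLSTRIP_PORT"
    add_nat_rule_once PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53
}

# Traffic generated ON this box (the local browser) never passes
# PREROUTING; it traverses the nat OUTPUT chain instead. A packet sent to
# one of this machine's own addresses (192.168.1.123 in the question) is
# routed via lo, so "-o lo" limits the rule to that case. REDIRECT in
# OUTPUT rewrites the destination to 127.0.0.1:$SSLSTRIP_PORT.
redirect_local_traffic() {
    add_nat_rule_once OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to-ports "$SSLSTRIP_PORT"
}

# Per-rule packet/byte counters for a nat chain (OUTPUT by default).
# If the REDIRECT rule's packet counter stays at 0 while the browser
# retries, the packets are not reaching that chain at all.
show_nat_counters() {
    run iptables -t nat -L "${1:-OUTPUT}" -v -n --line-numbers
}
```

With DRY_RUN=1 the script only prints the rules it would add, which is a cheap way to review them before touching the live tables; after installing them, show_nat_counters OUTPUT and show_nat_counters PREROUTING tell you which chain, if any, the browser's packets are actually matching.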