Sslstrip

Hi,
I am learning about sslstrip. In the sslstrip slides, the instructor mentions setting up port redirection, and when we run sslstrip it starts listening on port 8080. Why do we need to set up port redirection, and why can't we just listen on port 80?

The rule redirects packets destined to port 80 (i.e. HTTP packets) to your SSLStrip.

The victim will surf http://example.com, which will use said port 80.

1 Like

I just saw that you asked why one does not just listen on port 80.
Well, sslstrip may listen on any port - you just have to make sure that the victim's packets will be redirected to it. I guess the victim's packets usually are not targeted to your sslstrip (nobody will surf: http://attacker.site).
You are in MITM position and have to intercept/redirect the packets actively.

And now the actual answer to your question: man iptables-extensions

REDIRECT
This target is only valid in the nat table, in the PREROUTING and OUTPUT chains, and user-defined chains which are only called from those chains. It redirects the packet to the machine itself by changing the destination IP to the primary address of the incoming interface (locally-generated packets are mapped to the localhost address, 127.0.0.1 for IPv4 and ::1 for IPv6, and packets arriving on interfaces that don’t have an IP address configured are dropped).

That's the point: a packet destined to example.com, 1.2.3.4:80 will be redirected to localhost:8080.
If your sslstrip runs on port 80, you still have to redirect to your host.

1 Like
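
A defensive check built on the man page excerpt quoted above, added here as an example and not part of the original thread: it parses `iptables-save` output, lists every REDIRECT rule in the nat table, and flags a PREROUTING rule on port 80, which indicates a host transparently intercepting other machines' HTTP traffic. The sample dump, interface name and ports are constructed for illustration.

```python
import shlex

# Constructed sample of `iptables-save` output (not taken from the thread).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A OUTPUT -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 5353
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

# Where REDIRECT sends the packet, per iptables-extensions(8).
NEW_DST = {"PREROUTING": "primary address of incoming interface",
           "OUTPUT": "127.0.0.1 / ::1"}

def find_redirects(dump):
    """Return one dict per REDIRECT rule found in the nat table."""
    table, hits = None, []
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):          # "*nat", "*filter": table header
            table = line[1:]
        if table != "nat" or not line.startswith("-A "):
            continue
        tok = shlex.split(line)
        # Map each option to the token that follows it (-A, -j, --dport, ...).
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        if opts.get("-j") != "REDIRECT":
            continue
        chain = opts["-A"]
        hits.append({
            "chain": chain,
            "dport": opts.get("--dport"),
            # Without --to-ports the destination port is left unchanged.
            "to_port": opts.get("--to-ports", opts.get("--dport")),
            "new_dst": NEW_DST.get(chain, "user-defined chain: depends on caller"),
            # PREROUTING sees packets arriving from other hosts, so a port-80
            # rule there means this box is intercepting someone else's HTTP.
            "intercepts_http": chain == "PREROUTING" and opts.get("--dport") == "80",
        })
    return hits

if __name__ == "__main__":
    for hit in find_redirects(SAMPLE):
        print(hit)
```

On a live Linux host the same function can be fed the text produced by `iptables-save` run as root.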

Thank you so much. Sorry for the late response.