Sslstrip


Got USB swap set up on a 2 GB card.

This is what it says when I type free in the command prompt:

Executing: free
total used free shared buffers
Mem: 29524 23568 5956 0 1584
-/+ buffers: 21984 7540
Swap: 531212 564 530648

Verified that USB swap has been enabled... When I run sslstrip, I see a log file, but when I try to get back to the web interface, I can't. It says pineapple not found (Firefox can't establish a connection to the server at 172.16.42.1.)

Edited by abxy007

Users in the following thread are having the same problem. I am one of them.

Could Not Access Web Interface

I think I got it working because now I have a log file on my USB drive.

2012-06-05 10:42:23,853 POST Data (su.ff.avast.com):

!xœsJLQJ-,M-.nts.google.com):
goog-malware-shavar;a:70649-80675:s:76801-86262:mac
goog-phish-shavar;a:210081-215756:s:98770-101489:mac
goog-badbinurl-shavar;a:137-5514:s:61-4658:mac
goog-csdwhite-sha256;a:1-23:s:1:mac
goog-downloadwhite-digest256;a:1-27:s:1-3:mac

2012-06-05 12:27:50,055 POST Data (safebrowsing.clients.google.com):
goog-malware-shavar;a:70656-80677:s:76801-86263:mac
goog-phish-shavar;a:210081-215761:s:98770-101494:mac
goog-badbinurl-shavar;a:137-5514:s:61-4658:mac
goog-csdwhite-sha256;a:1-23:s:1:mac
goog-downloadwhite-digest256;a:1-27:s:1-3:mac

Is this correct?

Edited by abxy007

Seems to be correct to me as you captured some POST data.

By the way, I sent a new version to Seb to prevent the module from being started if the sslstrip program is not installed first :)

So I don't have to enter any iptables stuff at all for recording secure data?


No, the setup is done by the module.

I found that once I set up a refresh interval in the sslstrip or urlsnarf modules, click Off (to enable them, Off becomes On), then navigate away, the setting is no longer kept. Is it expected behaviour?

Edited by niggizito

The refresh option is only to see the output of sslstrip or urlsnarf which is currently running. You can refresh manually or activate the auto-refresh to see the output in real time :)

The auto-refresh is not kept if you navigate away.

So it's expected...Good to know :-)

Thx, WM!


My pineapple just arrived, I flashed it to the newest firmware (2.3.1) but I don't know how to install sslstrip in my pineapple? Can someone help me please?

Thanks in advance!

1. Set up a USB thumb drive as per Darren's post http://forums.hak5.org/index.php?showtopic=25882

2. Now make sure ICS is working.

3. Then, once that is working, SSH in and issue:

opkg update
opkg --dest usb install sslstrip


@petertfm I have connected with ssh, but when I try to issue "mkswap /dev/sda2" I get an error: No such file or directory...

I have connected the USB and followed Darren's instructions. I don't get it... Any help? Thanks

If you post in the correct thread, you will have a better chance of getting it solved ;)


I now have sslstrip configured and working. I see the "post" function in the log, but what I don't see is any "user credentials". I even logged in with my own banking info and nothing happened. Am I doing something wrong?

Thanks again for all your help!!!

It happens that SSLstrip does not work with every browser, site, etc.


What iptables rules did you use to get sslstrip working on a local LAN (no ICS)?

When I use the standard rule:

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

no traffic seems to be rerouted to sslstrip (except the traffic from the web interface).

I should add that my pineapple's address is 192.168.0.xx with the gateway on the same LAN and internet access works fine.

I would think that the main purpose of having sslstrip on a router is to not have to use a computer for internet connection and either connect directly to a LAN through ethernet, using 3G or as a repeater using wifi.

Also is there any reason why version 6 of sslstrip is being used? I can run the latest version with no problem, but again the traffic is not being routed to port 10000 with the above ip rule.

Thanks in advance

1) Regarding your first point (running sslstrip before iptables): don't want to see my own password in the log file :rolleyes:

No, seriously: didn't try that, but it makes sense. You probably do not even have to start the script first, BUT you have to start it and it should not crash, otherwise you have to use ssh or the power-cycle method to access the web interface ...

2) Don't want to correct you :) . You are correct of course. I’m connecting from a different IP as you noted but not from 172.16.42.0/24 subnet.

3) Don't know if I got your idea but then it should be

iptables -t nat -A PREROUTING -s ! 172.16.42.42 -p tcp --dport 80 -j ACCEPT

Not tested, but as far as I remember the "!" adds an exception.

So it would NAT everything but the management station. Maybe there is a way to get the IP of the management host (connection log: Pineapple authpriv.notice dropbear[10456]: Password auth succeeded for 'root' from x.x.x.x) and add an auto exception for this IP, just in case the management host does not connect from 172.16.42.42.

This was also only a little brainstorming. Maybe it's getting a little too complicated now, and you had better add only the standard iptables rules as planned; everyone who needs to change them can change the config file where the iptables commands are defined.

Edited by thaihenry

Thank you for your reply and your work on this module; unfortunately, however, it does not work for me. It did work when the network settings were set to default and I was using ICS. But I need to use it standalone on a LAN without going through a computer. I looked through the bash script and the PHP code and only found the one standard iptables redirect rule. Did the installation of the module also add some code or config changes somewhere else outside the module?

I would appreciate it if you could help me get this working standalone, on a LAN without a computer running ICS.

When I run sslstrip manually, and use iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000 for some reason the traffic does not get directed to port 10000. It flows right through.

The module configures everything you need in terms of the sslstrip program and iptables rules.


I think I found a solution but I need others to also test this.

By default iptables does not work on the bridge interface br-lan. It is turned off and any redirect command will have no effect.

https://forum.openwrt.org/viewtopic.php?pid=143700#p143700

I have edited /etc/sysctl.conf:

# disable bridge firewalling by default
net.bridge.bridge-nf-call-arptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1

and redirect to port 10000 now works properly:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 10000

On the pineapple I believe the firewall is turned off. If you are using other versions of OpenWrt you will need to turn off the firewall (or modify the rules) so that traffic gets properly routed to the internet.
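
The bridge-netfilter setting discussed in the post above, as an added example that is not part of the original post: a shell check that reads a sysctl.conf-style file and reports the effective value of the three net.bridge.bridge-nf-call-* keys, which decide whether iptables rules are applied to traffic crossing a bridge such as br-lan. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: effective bridge-netfilter settings in a sysctl.conf-style file.
# The last assignment of a key wins, as when sysctl -p applies the file in order.

BRIDGE_NF_KEYS="net.bridge.bridge-nf-call-arptables
net.bridge.bridge-nf-call-ip6tables
net.bridge.bridge-nf-call-iptables"

# bridge_nf_value FILE KEY -> prints the value, or "unset" if never assigned
bridge_nf_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }            # comment lines
        {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            gsub("/", ".", k)             # sysctl accepts a/b/c as well as a.b.c
            if (k == key) val = v
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# bridge_nf_report FILE -> prints key=value per key; exit status 0 only when
# bridged IPv4 traffic is handed to iptables (bridge-nf-call-iptables=1)
bridge_nf_report() {
    for key in $BRIDGE_NF_KEYS; do
        echo "$key=$(bridge_nf_value "$1" "$key")"
    done
    [ "$(bridge_nf_value "$1" net.bridge.bridge-nf-call-iptables)" = "1" ]
}

# Constructed sample: all three keys off, then a later line turning one on
sample_conf() {
    cat <<'EOF'
# disable bridge firewalling by default
net.bridge.bridge-nf-call-arptables=0
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-iptables=0
net/bridge/bridge-nf-call-iptables = 1
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
bridge_nf_report "$tmp" && echo "iptables sees bridged traffic"
rm -f "$tmp"
```

Editing the file changes nothing until it is loaded (sysctl -p or a reboot); the live values are readable under /proc/sys/net/bridge/ when the bridge netfilter code is present.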


sslstrip version 8 is running perfect on openwrt

there is a problem with the latest version 9 of sslstrip:

root@OpenWrt:/usb/sslstrip-0.9# python sslstrip.py
Traceback (most recent call last):
  File "sslstrip.py", line 27, in <module>
    from twisted.web import http
  File "/opt/usr/lib/python2.7/site-packages/twisted/web/__init__.py", line 14, in <module>
    from twisted.python.deprecate import deprecatedModuleAttribute
ImportError: No module named deprecate

I tried installing the zope.deprecate module with no luck.

hey what command are you using to install version 8? and do you think it is faster/better?
