[Support] SSLstrip

[nolashadow]

a little issue here. when i click on logs and try to view the logs and start scrolling the page jumps back to the bottem. it will not let me see the log. Also when i click download to download the log a blank page comes up and thats it any ideas?

[IcarusM]

Hi guys,

I'm having problems with this:

Pineapple 1.4.1

sslstrip v1.6

I've flashed back to factory a couple of times to try to get this working but I usually only get this:

sslstrip output_1388534526.log [January 01 2014 00:03:42]
2014-01-01 00:03:42,775 POST Data (clients1.google.com):
0I0G0E0C0A0	+jpI#z(~dJhvbZ/c
T

I've tried multiple ways to install it and the above output is all that I've gotten...

Everything else is working, and my client is able to connect to the internet (sometimes not able to load the page, but rarely).

Rarely I do get the same kinda output that t31mo posted.

Please help!

[IcarusM]

The sslstrip version installed is "sslstrip 0.9 by Moxie Marlinspike"

[IcarusM]

Please let me know how you fixed this!

[Whistle Master]

Please post in the infusion thread dedicated to sslstrip infusion next time, you will get more help.

MOD: Moved.

[mreidiv]

Its now working for me at all i get this output from the command line

File "/usr/bin/sslstrip", line 108, in <module>
main(sys.argv[1:])
File "/usr/bin/sslstrip", line 101, in main
reactor.listenTCP(int(listenPort), strippingFactory)
ValueError: invalid literal for int() with base 10: 'l'

[Bl4ckc00k1e]

Hi i see bad this infusion on firmware 2.0.0 and high:

http://www.subirimagenes.com/imagedata.php?url=http://s2.subirimagenes.com/imagen/9027894pineapesslstrip.png

[Whistle Master]

I know. All infusions with tabs have the same issues. Fixes are on their way.

[bytedeez]

Not sure if you can do anything with it or not but sensepost recently came out with a sslstrip script that has been modified to deal and overcome hstshttps://github.com/sensepost/mana/tree/master/sslstrip-hsts

[manlyhak]

Hey guys! just started up using my mark V, gosh i love this thing!!!

anyways doing the sslstrip was just a click away, but i noticed that Facebook and Gmail wont show up in logs, but when i go to aol.com wth my device thats connected to the pineapple and type in mango for username and mango for password and hit enter, it records it...then i stop go to history and view the latest log, when i Ctrl+F and type loginid= i see it! mango mango....so my question is whats up with facebook and gmail? is it that they are too secure?

[dustbyter]

manlyhak,

I haven't checked facebook and others, but my guess is that they are now using HSTS to set the HTTP Strict Transport Security, this tells the browser to ensure that all the links to it are over HTTPS.

I think SSL-SPLIT was created to alleviate some of this, but it would have a warning popup on the browser because of the invalid certificate, regarding SSLSTRIP, I think at Defcon sensepost modified it to work with hsts. We will have to see what those changes are and when they will be available on the pineapple's version of sslstrip.

[chriswhat]

My advice is to stop placing so much emphasis on Facebook. Many people use the same creds for most, if not all, of their accounts (i.e. social media, financial, email, etc.). Compromise one of them, and you can often compromise the rest of them.

LinkedIn

Wordpress

Instagram

Vimeo

Microsoft Live

PayPal

Wells Fargo

Chase

Bank of America

Fidelity

Capital One

IRS.gov

Amazon

Target

Vudu

RedBox

HakShop

DigitalOcean

[manlyhak]

Awesome thanks for the tips guys! are their any other similar wifi monitoring infusions in the pineapple bar?

[thesugarat]

HakShop

:)

[eschafir]

Hi everyone,

is the SSLStrip infusion on MArk V working well? Couse im trying to make it work and i can´t.

I saw the tutorial of Darren but nothing... :(

If you need more info please ask..

Thanks!!

Esteban

[i8igmac]

Try other browsers, try other sites... https hak5 works well... https facebook is a little tricky

[Urieal]

My understanding is it is entirely dependent on the browser -- and -- if its apart of the HSTS site list...
Thats why In another forum post I am inquiring to the infusion of SSLSTRIP2 and DNS2Proxy.

SSLStrip as it stands has worked flawlessly against all our targets of interest when using Internet Explorer...
Safari,Chrome,Firefox -- Thats a different story all together..

But remember - just because SSLStrip doesn't work -- you could always just ettercap or wireshark the data and hope they login to something with HTTP (Clear Text)
You'd be surprised how many people use the same email and password for everything -- We're human.


If you're not having much luck with SSLStrip and you're currently working for someone (client) perhaps try SEToolkit... clone the page and e-mail your clients..
You'd be amazed at how many people believe they really did win a free Ipad -- or a cruise to the bahamas.

[eschafir]

Thx guys! After opening this post i noticed about the HSTS sites... but with yours explanations its very clear for me now.

Thank you!!

[bytedeez]

Some guys at Sensepost made a new version of sslstrip called sslstrip-HSTS as part of the their new mitm toolset called MANA. it's not a cover all solution but is suspose to work depending on the site. More information and the code can be found here https://github.com/s...r/sslstrip-hsts

Maybe one of the pros here can make an infusion.

[Urieal]

Some guys at Sensepost made a new version of sslstrip called sslstrip-HSTS as part of the their new mitm toolset called MANA. it's not a cover all solution but is suspose to work depending on the site. More information and the code can be found here https://github.com/s...r/sslstrip-hsts

Maybe one of the pros here can make an infusion.

https://forums.hak5.org/index.php?/topic/33518-big-thanks-to-hak5-i-snuck-in-a-question-too/

I posted about this in my thread -- I hope some of the pros read through it.

It involves DNS Proxy 2 and SSLSTRIP2.

It has a pretty high success rate; but I'm having a hard time contacting the author..

Hopefully someone can expand on this...

[bytedeez]

You might have better luck contacting research@sensepost.com also most of the time the creators of script an apps with sensepost will create a Google group to go along with it. I'll dig into it as well. It usually takes a few days for them guys to respond.

Edited August 30, 2014 by damavox

[singe]

Didn't see a mail to research@sensepost.com, the sslstrip-hsts tool was originally by LeonardoNVE, we just made some small changes to it. What can we help with?

[korniza]

dear all,

I m an enthusiastic new owner of pineapple....I updated firmware as is recommenced to 2.0.4 and after i installed the sslstrip *1.8* for pineapple bar.

The issue is that I tried all the kind of setups (internal/sd) but I do not get any capture of ssl connections to MANY different sites (gmail/aol.com/facebook/twitter/cryptocoin sites/forums) and none returned any data to sslstrip to pineapple. I used laptop and android phone.

Do I have to install another infusion or do some parameter adjustments?

[korniza]

I re-intalled the firmware and now is working fine!

[cheeto]

@Korniza,

It's my understanding that you can't sslstrip too much anymore because of HSTS.

Therefore, gmail, yahoo mail, hotmail etc.... are not possible. (as far as i know). Please correct me if im wrong.

cheers,