Hak5 Forums

drakorg

  1. [Official] SSLsplit

    Hi, I just tried this module for the first time today, and it's working fine out of the box. The only issue I've found is that it leaves your iptables rules trashed after you stop it. The original idea was fine (clear everything before setting the new rules, and clear the rules after it stops running), but that kinda falls short for leaving a working pineapple after that.

    To fix this I've added an iptables-save before any modification to the iptables rules, and an iptables-restore after the rules cleanup, that way (if there were no modifications between the start/stop cycle) it will leave the pineapple exactly as it was before starting the sslsplit module. Maybe the cleanup itself is not even necessary anymore if we are going to run a restore anyways, but it's working fine this way all the same.

    I'm attaching the final scripts, in case you'd like to ship them as a new version of the module. Thanks. Regards.

    /pineapple/modules/SSLsplit/scripts/autostart_sslsplit.sh

        #!/bin/sh
        #2015 - Whistle Master

        export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/sd/lib:/sd/usr/lib
        export PATH=$PATH:/sd/usr/bin:/sd/usr/sbin

        MYTIME=`date +%s`

        killall sslsplit

        echo '1' > /proc/sys/net/ipv4/ip_forward

        iptables-save > /pineapple/modules/SSLsplit/rules/saved

        iptables -X
        iptables -F
        iptables -t nat -F
        iptables -P INPUT ACCEPT
        iptables -P FORWARD ACCEPT
        iptables -P OUTPUT ACCEPT

        sh /pineapple/modules/SSLsplit/rules/iptables

        iptables -t nat -A POSTROUTING -j MASQUERADE

        sslsplit -D -l /pineapple/modules/SSLsplit/connections.log -L /pineapple/modules/SSLsplit/log/output_${MYTIME}.log -k /pineapple/modules/SSLsplit/cert/certificate.key -c /pineapple/modules/SSLsplit/cert/certificate.crt ssl 0.0.0.0 8443 tcp 0.0.0.0 8080

    /pineapple/modules/SSLsplit/scripts/sslsplit.sh

        #!/bin/sh
        #2015 - Whistle Master

        export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/sd/lib:/sd/usr/lib
        export PATH=$PATH:/sd/usr/bin:/sd/usr/sbin

        MYTIME=`date +%s`

        killall sslsplit

        if [ "$1" = "start" ]; then

            echo '1' > /proc/sys/net/ipv4/ip_forward

            iptables-save > /pineapple/modules/SSLsplit/rules/saved

            iptables -X
            iptables -F
            iptables -t nat -F
            iptables -P INPUT ACCEPT
            iptables -P FORWARD ACCEPT
            iptables -P OUTPUT ACCEPT

            sh /pineapple/modules/SSLsplit/rules/iptables

            iptables -t nat -A POSTROUTING -j MASQUERADE

            sslsplit -D -l /pineapple/modules/SSLsplit/connections.log -L /pineapple/modules/SSLsplit/log/output_${MYTIME}.log -k /pineapple/modules/SSLsplit/cert/certificate.key -c /pineapple/modules/SSLsplit/cert/certificate.crt ssl 0.0.0.0 8443 tcp 0.0.0.0 8080

        elif [ "$1" = "stop" ]; then

            rm -rf /pineapple/modules/SSLsplit/connections.log

            iptables -F
            iptables -X
            iptables -t nat -F
            iptables -t nat -X
            iptables -t mangle -F
            iptables -t mangle -X
            iptables -P INPUT ACCEPT
            iptables -P FORWARD ACCEPT
            iptables -P OUTPUT ACCEPT

            iptables-restore < /pineapple/modules/SSLsplit/rules/saved

        fi
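The save/restore cycle from the post above has two edge cases: a second "start" overwrites the saved rules with the already-modified ones, and a "stop" without a prior "start" flushes the firewall and has nothing to restore. The helpers below are an added example, not part of the original post or the module; the `SNAPSHOT` default path and the `IPT_SAVE`/`IPT_RESTORE` override variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the module's code): snapshot helpers for a start/stop script.
# IPT_SAVE / IPT_RESTORE default to the real tools and can be overridden for testing.
# SNAPSHOT is a hypothetical default path.
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}
SNAPSHOT=${SNAPSHOT:-/tmp/iptables.saved}

# Save the current ruleset unless a snapshot from an earlier "start" still exists.
# Returns 0 when a usable (non-empty) snapshot is in place afterwards.
snapshot_rules() {
    if [ -s "$SNAPSHOT" ]; then
        return 0        # keep the original: a second start must not overwrite it
    fi
    tmp="$SNAPSHOT.tmp.$$"
    # Write to a temp file first so a failed save never leaves a truncated snapshot.
    if $IPT_SAVE > "$tmp" && [ -s "$tmp" ]; then
        mv "$tmp" "$SNAPSHOT"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Restore the snapshot and consume it.
# Returns 2 when there is nothing to restore, so the caller can skip its flush.
restore_rules() {
    [ -s "$SNAPSHOT" ] || return 2
    $IPT_RESTORE < "$SNAPSHOT" || return 1
    rm -f "$SNAPSHOT"
}

# Intended call sites:
#   start: snapshot_rules || exit 1   (before the first rule change)
#   stop:  restore_rules              (in place of flush + restore)
```
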
  2. 3d printed case for my nano

    Just make sure that it doesn't end up resembling a gun, which was exactly my first impression, lol. Besides that, great case :)
  3. Quickcreds issue

    All the success cases I've read so far were always domain based. Is it supposed to work on non-domain computers too? Thanks.
  4. Internet won't work on browser via LAN TURTLE.

    Hi, dwagner, I'm probably late, but the problem you are facing is most likely related to the fact that dnsmasq is not told by default to use any external dns servers. You can force it to use Google's just by adding these 2 lines to the end of the /etc/dnsmasq.conf:

        server=8.8.8.8
        server=8.8.4.4

    resolv.conf by default is set to 127.0.0.1, meaning that all name resolutions will be handled by the dns server located at 127.0.0.1, which is your instance of dnsmasq. Dnsmasq in turn, with these 2 lines, is told to forward dns queries to those external dns servers. This may still not be an ideal setup (probably if you also need to resolve local domain names successfully), but it currently suits my needs.

    Just for the record, I have my laptop with wifi turned off, internet fed exclusively by an ethernet cable coming from the router, I disconnect the ethernet (I run out of internet), connect the turtle with default network settings, and connect the ethernet cable into the turtle. After 10 seconds or so, I can browse the internet as usual, and all traffic is coming to/from the turtle, even dns queries. You can even see that the dns server for my adapter was indeed set to turtle's:

        Ethernet adapter LAN Turtle:

           Connection-specific DNS Suffix . : lan
           Description . . . . . . . . . . . : Realtek USB FE Family Controller #2
           Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
           DHCP Enabled. . . . . . . . . . . : Yes
           Autoconfiguration Enabled . . . . : Yes
           IPv6 Address. . . . . . . . . . . : fd8f:cf7a:45fa::2b1(Preferred)
           Lease Obtained. . . . . . . . . . : Wednesday, June 21, 2017 1:31:25 AM
           Lease Expires . . . . . . . . . . : Thursday, June 22, 2017 1:31:25 AM
           IPv6 Address. . . . . . . . . . . : fd8f:cf7a:45fa:0:80e2:f131:6eab:1fc6(Preferred)
           Temporary IPv6 Address. . . . . . : fd8f:cf7a:45fa:0:5066:45c6:2e58:f2f0(Preferred)
           Link-local IPv6 Address . . . . . : fe80::80e2:f131:6eab:1fc6%138(Preferred)
           IPv4 Address. . . . . . . . . . . : 172.16.84.117(Preferred)
           Subnet Mask . . . . . . . . . . . : 255.255.255.0
           Lease Obtained. . . . . . . . . . : Wednesday, June 21, 2017 1:31:30 AM
           Lease Expires . . . . . . . . . . : Wednesday, June 21, 2017 1:32:21 PM
           Default Gateway . . . . . . . . . : 172.16.84.1
           DHCP Server . . . . . . . . . . . : 172.16.84.1
           DHCPv6 IAID . . . . . . . . . . . : -1979654068
           DHCPv6 Client DUID. . . . . . . . : XX-XX-XX-XX-XX-XX-XX-XX-XX-XX-XX-XX-XX-XX
           DNS Servers . . . . . . . . . . . : fd8f:cf7a:45fa::1
                                               172.16.84.1
           NetBIOS over Tcpip. . . . . . . . : Enabled
           Connection-specific DNS Suffix Search List : home

    And turtle in turn redirects every query to 8.8.8.8, falling back to 8.8.4.4 in case 8.8.8.8 becomes unreachable. Hope it helps.
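A quick way to confirm the condition described in the post above (resolv.conf pointing only at 127.0.0.1 while dnsmasq has no upstream servers) is to read both files and list where queries can be forwarded. This is an added example, not part of the original post; the function names are hypothetical, and it is simplified to plain `server=ADDRESS` lines, `no-resolv`, and `nameserver` entries, assuming loopback nameservers refer to dnsmasq itself.

```shell
#!/bin/sh
# Added example: list the upstream DNS servers dnsmasq could forward to,
# given a dnsmasq.conf and a resolv.conf. Simplified on purpose: it ignores
# resolv-file= and domain-scoped server=/domain/ADDRESS lines.

upstreams() {   # usage: upstreams DNSMASQ_CONF RESOLV_CONF
    conf=$1
    resolv=$2
    # Global forwarders: server=ADDRESS (first character after '=' is not '/').
    sed -n 's/^[[:space:]]*server=\([^/#[:space:]][^#[:space:]]*\).*/\1/p' "$conf"
    # Unless no-resolv is set, non-loopback nameservers from resolv.conf also count.
    # Loopback entries are skipped: they are assumed to point back at dnsmasq.
    if ! grep -q '^[[:space:]]*no-resolv' "$conf"; then
        awk '$1 == "nameserver" && $2 !~ /^127\./ && $2 != "::1" { print $2 }' "$resolv"
    fi
}

# Prints the forwarders on one line, or "no-upstream" (exit status 1)
# when queries would have nowhere to go.
check_forwarding() {
    list=$(upstreams "$1" "$2")
    if [ -z "$list" ]; then
        echo "no-upstream"
        return 1
    fi
    echo $list      # unquoted on purpose: joins the lines with single spaces
}

# Typical call on the device:
#   check_forwarding /etc/dnsmasq.conf /etc/resolv.conf
```
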