
SSL Strip with Fon and Jasager?



I recently saw a video put out by John Strand about SSL strip. SSL strip is a Python script that allows you to tell an https website to cancel that https connection and send it as http instead. This attack was set up using a few programs: sslstrip.py, iptables, and arpspoof. Is there a way that I could use SSL strip with my Fon as the MITM instead of arpspoof? Then I can sniff all traffic in clear text with Wireshark.

Here is a link to the video: http://vimeo.com/3970303


I don't see why not, you probably wouldn't need arpspoof because you are already in the middle, just iptables and his python script.

It would be nice if someone would rewrite the script in Ruby, then we wouldn't need any extra apps on the Fon.

Anyone up for looking at getting this working?


I had a look and Python installed from the package is at least 11M. As the Fon has under 8M storage, I'll abandon the idea of putting sslstrip on the Fon with Jasager.

If you want to run it on the machine that is supplying the internet to the Fon then just run it as normal. You won't need arpspoof as you are already in the middle.

I had a look at how hard it would be to rewrite sslstrip in Ruby and it is possible, but not with the amount of free time I've got. So if anyone else wants to do it and pass me some working code, I'll look at incorporating it; otherwise just run it on the intermediary machine.


So I can run the script on my PC and use the iptables config he had in the video and it should work? Also, I have a quick question: is there a difference between Ruby and Ruby on Rails, or are they the same thing? I ask this because I would not mind learning Ruby so I can convert this Python script to Ruby.

Thanks.


That should work.

Ruby is a programming language, Rails is a web framework. If you want to do scripting then you don't need Rails. If you aren't a developer then I'd start on something much simpler; this isn't an easy first build.


Ya, I thought Rails was for web development, but I wasn't sure. Anyway, I plan on learning some Ruby basics soon and then eventually I will try to do some conversion.

Thanks for the help and the quick reply.
