knoppy Posted October 22, 2009 Share Posted October 22, 2009 Hi Everyone If i were to use Pineapple in conjunction with SSLtrip in a windows enviroment . Do i need to reroute or ARP the victims oops i meant my other testing laptop . Just wanted to simulate what Darren did in a windows enviroment B) Quote Link to comment Share on other sites More sharing options...
jez_mp3 Posted October 22, 2009 Share Posted October 22, 2009 Hi Everyone If i were to use Pineapple in conjunction with SSLtrip in a windows enviroment . Do i need to reroute or ARP the victims oops i meant my other testing laptop . Just wanted to simulate what Darren did in a windows enviroment B) I'm not sure about windows. Just running on linux would be your best bet as that is what the software is designed for. Maybe If you get hold of the source code you could compile it on a windows machine into an .exe But I dunno, lol. -Jez Quote Link to comment Share on other sites More sharing options...
knoppy Posted October 22, 2009 Author Share Posted October 22, 2009 I did try this http://www.py2exe.org/ but me being a NOOB in pyton i was unsucessfull . Quote Link to comment Share on other sites More sharing options...
digininja Posted October 22, 2009 Share Posted October 22, 2009 sslstrip is python and so is too large to fit on the restricted space on the Fon. I'm currently trying to get ssnsniff working instead. There is an openwrt package but in bridged mode I can't get traffic to flow through it using standard transparent bridging techniques. If anyone gets this working please let me know and if I find anything I'll report back. Running it in routing mode it should work fine Quote Link to comment Share on other sites More sharing options...
knoppy Posted October 22, 2009 Author Share Posted October 22, 2009 @Digi Which means if i were to use same method what darren did in episode 412, Im able to use sslstrip , because in that way i will be sniffing on the ethernet . Where all my victims packets will be reaching my laptop . Now i have to figure out how to use sslstrip ? because when i ran sslstrip with windows it says "import error : No module named twisted.web" i know im doing something wrong ? anyone care to advise Quote Link to comment Share on other sites More sharing options...
digininja Posted October 23, 2009 Share Posted October 23, 2009 If you want to run sslstrip on the pc then yes, that should work fine, I'm trying to get it all on the Fon. Quote Link to comment Share on other sites More sharing options...
blitzman Posted November 5, 2009 Share Posted November 5, 2009 I have been debating the sd/mmc card hack on the fon 2200 to get some extra storage space and then sslstrip could be easily thrown on there. Are there any other openwrt compatible atheros based access points with enough storage to do this? Quote Link to comment Share on other sites More sharing options...
digininja Posted November 5, 2009 Share Posted November 5, 2009 There is an sslsniff package for openwrt but I've spent the last month trying to get it to work in bridging mode and not had any luck. The problem is with the iptables/ebtables rules needed to intercept the traffic on the bridge and redirect all traffic on port 443 to ssnsniff. The rules work fine if you are doing arp cache poisoning and so are routing traffic but in bridge mode I just can't get any off the rules to have an affect. I've asked on the openwrt forum, the netfilter mailing list and the guy who built the package, no one can help. I may have a lead on getting it to work so will have a play when I get chance. If anyone out there is good with ip/ebtables then please get in touch and I can explain what I need doing. Quote Link to comment Share on other sites More sharing options...
jmiller Posted November 26, 2009 Share Posted November 26, 2009 Where did you find the sslsniff ipk? I think I can get the firewall to work properly. I have the bridge turned off and I am NATing my traffic. Should be a simple rule to forward the 443 traffic :-) If I can find the package and get it working I will send you the iptables config. There is an sslsniff package for openwrt but I've spent the last month trying to get it to work in bridging mode and not had any luck. The problem is with the iptables/ebtables rules needed to intercept the traffic on the bridge and redirect all traffic on port 443 to ssnsniff. The rules work fine if you are doing arp cache poisoning and so are routing traffic but in bridge mode I just can't get any off the rules to have an affect. I've asked on the openwrt forum, the netfilter mailing list and the guy who built the package, no one can help. I may have a lead on getting it to work so will have a play when I get chance. If anyone out there is good with ip/ebtables then please get in touch and I can explain what I need doing. Quote Link to comment Share on other sites More sharing options...
digininja Posted November 29, 2009 Share Posted November 29, 2009 Where did you find the sslsniff ipk? I think I can get the firewall to work properly. I have the bridge turned off and I am NATing my traffic. Should be a simple rule to forward the 443 traffic :-) If I can find the package and get it working I will send you the iptables config. I'm working away at the moment but I think this should work: www.digininja.org/files/sslsniff_0.5-1_mips.ipk Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.