darkn3ssking Posted January 28, 2011 Share Posted January 28, 2011 hey guyz i face real problem in sslstrip, i have run sslstrip and arpspoof in my university on my laptop backtrack machine, we have one ssl login like this https://golestan/ when i runned ssltrip the url has been changed to http://golestan:445 in victim machine and it didnt opened url anymore. anyone have experiment please help me, i think the url could be change to http://golestan/ not http://golestan:445 tnx for quick response Quote Link to comment Share on other sites More sharing options...
hexophrenic Posted January 28, 2011 Share Posted January 28, 2011 445 should be 443. Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted January 28, 2011 Share Posted January 28, 2011 You should forward all port 80 to SSL strip. http://www.thoughtcrime.org/software/sslstrip/ Running sslstrip * Flip your machine into forwarding mode. (echo "1" > /proc/sys/net/ipv4/ip_forward) * Setup iptables to redirect HTTP traffic to sslstrip. (iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>) * Run sslstrip. (sslstrip.py -l <listenPort>) * Run arpspoof to convince a network they should send their traffic to you. (arpspoof -i <interface> -t <targetIP> <gatewayIP>) That should do it. Quote Link to comment Share on other sites More sharing options...
darkn3ssking Posted January 28, 2011 Author Share Posted January 28, 2011 445 should be 443. sorry i make mistake the url is http://golestan:443 Quote Link to comment Share on other sites More sharing options...
darkn3ssking Posted January 28, 2011 Author Share Posted January 28, 2011 You should forward all port 80 to SSL strip. http://www.thoughtcrime.org/software/sslstrip/ yes i did do this steps, but i dont know why the url changed to http://golestan:443 and it not open anymore. do you know whats the problem ? Quote Link to comment Share on other sites More sharing options...
mux Posted January 29, 2011 Share Posted January 29, 2011 (edited) You should forward all port 80 to SSL strip. http://www.thoughtcrime.org/software/sslstrip/ Call me crazy (I do see the iptables chain listed in your quoted text from the site you linked and understand it), but wouldn't traffic destined for port 80 usually be in clear text anyway? Isn't it usually port 443 (Sometimes port 8080 I suppose) that you want to use SSL Strip on or am I missing something here? Edited January 29, 2011 by mux Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted January 29, 2011 Share Posted January 29, 2011 Call me crazy (I do see the iptables chain listed in your quoted text from the site you linked and understand it), but wouldn't traffic destined for port 80 usually be in clear text anyway? Isn't it usually port 443 (Sometimes port 8080 I suppose) that you want to use SSL Strip on or am I missing something here? You are correct, but doing just port 80 works. I think sslstrip connects via https port and just forwards clear text back to the user. It would be a question for the creator or watch his presentation. I mean, i guess for good measure you could add the other ports you feel necessary. Quote Link to comment Share on other sites More sharing options...
mux Posted January 29, 2011 Share Posted January 29, 2011 You are correct, but doing just port 80 works. I think sslstrip connects via https port and just forwards clear text back to the user. It would be a question for the creator or watch his presentation. I mean, i guess for good measure you could add the other ports you feel necessary. Gotcha. Once I started looking at that firewall rule it made more sense. I guess I am just too used to seeing FORWARD rules used locally to port forward on my router to even notice that the rule you quoted was using a PREROUTING rule when I scanned over it the first time. I guess that is an easy way to make myself look like an ass. :) Quote Link to comment Share on other sites More sharing options...
darkn3ssking Posted January 29, 2011 Author Share Posted January 29, 2011 anyone know my problem? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.