Problem With Sslstrip Backtrack 5

[SystemCrash86]

I am unable to use sslstrip in backtrack 5. Everytime i attempt to use it all i get is the following message:

root@bt:/pentest/web/sslstrip# python sslstrip.py

Traceback (most recent call last):

File "sslstrip.py", line 108, in <module>

main(sys.argv[1:])

File "sslstrip.py", line 101, in main

reactor.listenTCP(int(listenPort), strippingFactory)

File "/usr/lib/python2.6/dist-packages/twisted/internet/posixbase.py", line 346, in listenTCP

p.startListening()

File "/usr/lib/python2.6/dist-packages/twisted/internet/tcp.py", line 855, in startListening

raise CannotListenError, (self.interface, self.port, le)

twisted.internet.error.CannotListenError: Couldn't listen on any:10000: [Errno 98] Address already in use.

I have looked online and there are people with the same problem but no solutions so i thought i would post it here to see if any of you guys can come up with a solution.

Additionally when i use the live cd of backtrack 5 i have no problems with sslstrip but i have backtrack 5 dual booted with my windows 7 machine so i dont always have the live cd. Also uninstalling and reinstalling does not work even downgrading from version 0.9 to 0.8 doesnt work either.

All help is definately appreciated thankyou

[bobbyb1980]

I don't use SSLStrip often but I had the same problem. I think it's version 0.8 which has a lot of problems with BT5r1. What I did was download version 0.9, but I didn't install it or uninstall 0.8. Whenever I wanted to use it I'd cd to the dir and do "python ./sslstrip-0.9 -l 10000 -k" and that worked for me. I still got the errors in the console, but it wrote what it captured to the log file without problems.

If running it like that still doesn't work, maybe you should try to change to a different version of python?

[Mr-Protocol]

Just install the new version of sslstrip http://www.thoughtcrime.org/software/sslstrip/

Also, did you try

apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y

before you ran sslstrip?

[SystemCrash86]

I don't use SSLStrip often but I had the same problem. I think it's version 0.8 which has a lot of problems with BT5r1. What I did was download version 0.9, but I didn't install it or uninstall 0.8. Whenever I wanted to use it I'd cd to the dir and do "python ./sslstrip-0.9 -l 10000 -k" and that worked for me. I still got the errors in the console, but it wrote what it captured to the log file without problems.

If running it like that still doesn't work, maybe you should try to change to a different version of python?

thanks mate but i still got the same results

[SystemCrash86]

Just install the new version of sslstrip http://www.thoughtcrime.org/software/sslstrip/

Also, did you try

apt-get update && apt-get upgrade -y && apt-get dist-upgrade -y

before you ran sslstrip?

I always run that command because i always want to stay upto date. and i have been using the latest version of sslstrip. When i first install backtrack 5 it was version 0.8 - i tried that and i didnt work. Then i ran apt-get update then apt-get upgrade and finally apt-get dist-upgrade - always in that order everytime i log in. So now i have the latest version of sslstrip on my machine - version 0.9 and still i have the same problems and the same errors keep popping up and not allowing me to run sslstrip

[bobbyb1980]

What context are you trying to use SSLStrip, for ICS, arp-spoofing, etc?

Your error says it can't listen on port 10,000, have you tried other ports?

Have you verified that your iptables are setup correctly?

Maybe if you use Wireshark you can set a filter to see the SSL traffic and where it's going.

[SystemCrash86]

What context are you trying to use SSLStrip, for ICS, arp-spoofing, etc?

Your error says it can't listen on port 10,000, have you tried other ports?

Have you verified that your iptables are setup correctly?

Maybe if you use Wireshark you can set a filter to see the SSL traffic and where it's going.

Yes i tried 10000 and 8080 but still the same error.

I want to use it in the context that i want to try and sniff my own passwords from my desktop, i just wanted to see sslstrip in action but i cant get it to work. My setup is my laptop running backtrack 5 r1 using sslstrip and my desktop pc. i run sslstrip on laptop and browse the net on my desktop hoping to see is sslstrip works but its not working because of all these errors i keep getting. and as far as i know my iptables are setup correctly

[bobbyb1980]

You still didn't answer my question, are you trying to use SSLStrip in conjunction with arp-spoof or ettercap or ICS or what?

If I understood you correctly in that you have an attacking machine running bt5r1 and sslstrip and a victim machine and that's it? If that is the case then it won't work because SSLStrip needs to be run in conjunction with ICS or arp-spoof or something.

[bobbyb1980]

In the original command from your first post "root@bt:/pentest/web/sslstrip# python sslstrip.py " you didn't specify a port. When I run sslstrip it looks like this:

sudo python ./sslstrip-0.9.py -l 64123 -k

However you would set the port to correspond with the port you specified in IPTables.

[SystemCrash86]

You still didn't answer my question, are you trying to use SSLStrip in conjunction with arp-spoof or ettercap or ICS or what?

If I understood you correctly in that you have an attacking machine running bt5r1 and sslstrip and a victim machine and that's it? If that is the case then it won't work because SSLStrip needs to be run in conjunction with ICS or arp-spoof or something.

sorry man, i usually use sslstrip along with arp-spoof

[SystemCrash86]

In the original command from your first post "root@bt:/pentest/web/sslstrip# python sslstrip.py " you didn't specify a port. When I run sslstrip it looks like this:

sudo python ./sslstrip-0.9.py -l 64123 -k

However you would set the port to correspond with the port you specified in IPTables.

i do specify a port according to my IPTables but keep getting the error

[bobbyb1980]

Be sure that you have IP forwarding enabled and the port traffic is being routed correctly (easy to find commands w/google) Also paste what ip tables commands you're using here.

To verify that you're arp-spoof is working, you can go to the victim machine and do

 sudo arp-scan --interface=wlan0 192.168.1.0/24 

and you can see what your computer thinks about who is who. Do this before arp-spoof runs and after to verify the change. There is also a module to verify that the arp-spoof is working in ettercap that I like that you can run from the attacking machine. You can also verify it from wireshark from the atacking machine amongst other ways I haven't learned yet.

Once verified that it's working, try to run sslstrip like this from the directory where sslstrip-0.9.py is located

 sudo python ./sslstrip-0.9.py -l 10000 -k 

If that doesn't work, google what version of python sslstrip-0.9 is using and check that against what version you have installed. Also check to make sure "AP Isolation" isn't enabled on the AP you're using.

[SystemCrash86]

Be sure that you have IP forwarding enabled and the port traffic is being routed correctly (easy to find commands w/google) Also paste what ip tables commands you're using here.

To verify that you're arp-spoof is working, you can go to the victim machine and do

 sudo arp-scan --interface=wlan0 192.168.1.0/24 

and you can see what your computer thinks about who is who. Do this before arp-spoof runs and after to verify the change. There is also a module to verify that the arp-spoof is working in ettercap that I like that you can run from the attacking machine. You can also verify it from wireshark from the atacking machine amongst other ways I haven't learned yet.

Once verified that it's working, try to run sslstrip like this from the directory where sslstrip-0.9.py is located

 sudo python ./sslstrip-0.9.py -l 10000 -k 

If that doesn't work, google what version of python sslstrip-0.9 is using and check that against what version you have installed. Also check to make sure "AP Isolation" isn't enabled on the AP you're using.

I tried that and it didnt work. I even uninstalled backtrack 5r1 completely and reinstalled in on my hard drive as this usually solves most of the problems for me. I was relieved when sslstrip 0.8 was working and still working when updated to version 0.9. However that joy was short lived as am not experiencing the same error again.

Oh and when i type python in my terminal to get the version i get:

root@bt:/pentest/web/sslstrip# python

Python 2.6.5 (r265:79063, Apr 16 2010, 13:09:56)

[GCC 4.4.3] on linux2

Type "help", "copyright", "credits" or "license" for more information.

>>>

[SystemCrash86]

UPDATE!!

After numerous attempts to fix sslstrip on backtrack 5rl kde by uninstalling and reinstalling it and by changing the listenports from 10000 to 8000 etc i had no luck.

So after running out of options i decided to make the switch and try gnome instead. Now using backtrack 5r1 gnome everything started to work perfectly until i ran into the sslstrip problem again, i thought it was pointless but i decided to try and change the listening ports again (having no luck in kde for some reason) and IT WORKED. I don't know how or why but for some strange reason this worked but didnt in my kde version.

I would like to thank everyone for all of there input, it was greatly appreciated.