EdLesMann Posted December 10, 2011 Posted December 10, 2011 This is the next step of my journey for those that helped me out earlier. Thanks! I am starting a new topic since the goal of the first topic has been completed. http://forums.hak5.org/index.php?showtopic=23571 I was able to hack in to the pineapple and adjust all the network settings. I followed echoblack's guide since that was where my friend had started. http://forums.hak5.org/index.php?showtopic=15200 I used his scripts and I was able to get it working! There are a few issues with the script that I am going to try to hack on and correct, but it works as it should. I have three things I would like to ask about. All of this was done on a fully updated Kubuntu 11.10 laptop. 1) SSLstrip. I enabled this function from the script, but SSLscript crashed on me everytime I started it up. I have both python 2.6 and 2.7 installed. As a test I updated SSLstrip. I pulled the latest sslstrip from here: https://github.com/moxie0/sslstrip After I adjusted the pineapple.sh script to point to the 0.9 instead of 0.7. SSLstrip stopped crashing, but it didn't behave the way I thought it should. Browsing https://google.com, https://duckduckgo.com and even the https verison of wikipedia didn't trigger anything. I logged into https://mail.google.com and I saw it was redirected to http://mail.google.com /and/ I got a message in my logfile showing my email/password/ect! Horray, part of it works! SSLStrip also kicks out this nasty block of errors: File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 529, in connectionLost protocol.connectionLost(reason) File "/usr/lib/python2.7/dist-packages/twisted/web/http.py", line 455, in connectionLost self.handleResponseEnd() File "/usr/src/sslstrip-0.9-2-1/sslstrip/ServerConnection.py", line 119, in handleResponseEnd HTTPClient.handleResponseEnd(self) File "/usr/lib/python2.7/dist-packages/twisted/web/http.py", line 466, in handleResponseEnd self.handleResponse(B) File "/usr/src/sslstrip-0.9-2-1/sslstrip/ServerConnection.py", line 134, in handleResponse self.shutdown() File "/usr/src/sslstrip-0.9-2-1/sslstrip/ServerConnection.py", line 154, in shutdown self.client.finish() File "/usr/lib/python2.7/dist-packages/twisted/web/http.py", line 866, in finish "Request.finish called on a request after its connection was lost; " exceptions.RuntimeError: Request.finish called on a request after its connection was lost; use Request.notifyFinish to keep track of this. Is this important? I don't know. pineapple.sh only checks for python 2.6, is it a problem that it uses 2.7? Again, I don't know. I don't see anything in the sslstrip docs saying I have to use python2.6, but maybe I am missing something obvious. Also, why would it not strip the https from the search engines/wiki? 2) Upgrades. According to the software webpages, my pineapple is running Jasager v.2 (meaning I am WAY out of date) and X-WRT 8.09 (which has an update to 8.09.02). I looked and found several update guides, but they seem to want me to run a windows binary. I don't have windows at all. Just Debian Lenny (Desktop), and Kubuntu 11.10 (laptop). Should I attempt an upgrade? What would be the easiest way for me to do so? I have a decent amount of Linux knowledge, but this pineapple/wireshark/sslstrip is pretty much all new to me and I tend to have to look up a lot of terminology. 3) Wireshark. Lastly, I captured traffic from the eth0 port with wireshark. I have used wireshark _loads_ of times in the past for my past job...with a very specific purpose...so I only know like 3 things about wireshark...it is rather sad how little I know about a program I have used so much. Has Hak5 done a good review of wireshark that I can use to brush up? A search on youtube brings up a bunch of wireshark videos. Anyone have recommended materials I should check out? Thanks for the help everyone! Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.