Hak5 Forums

diggler

Sslstrip Not Working With Gmail & Twitter

Hey Guys,

Can anyone confirm the same results?

When testing in my lab SSLStrip works/doesn't work with the following sites:

NOTE: client browser is Google Chrome 17.0.963.33 beta on Mac OS X

YES

-linkedin.com

-facebook.com

NO

-mail.google.com

-twitter.com

If others get the same result, could it be that the big co's have found a way to prevent the attack?

I get the following error output from SSLStrip after visiting GMAIL.

MK3 AP51 v2.0.1 /w BT5R1

cd /pentest/web/sslstrip

chmod +x sslstrip.py

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

./sslstrip.py -l 10000 -k -f

tail -f sslstrip.log


root@bt:~/pentest# cd /pentest/web/sslstrip/
root@bt:/pentest/web/sslstrip# iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
root@bt:/pentest/web/sslstrip# ./sslstrip.py -l 10000 -k -f

sslstrip 0.9 by Moxie Marlinspike running...
Traceback (most recent call last):
  File "./sslstrip.py", line 105, in main
    reactor.run()
  File "/usr/lib/python2.6/dist-packages/twisted/internet/base.py", line 1170, in run
    self.mainLoop()
  File "/usr/lib/python2.6/dist-packages/twisted/internet/base.py", line 1182, in mainLoop
    self.doIteration(t)
  File "/usr/lib/python2.6/dist-packages/twisted/internet/selectreactor.py", line 140, in doSelect
    _logrun(selectable, _drdw, selectable, method, dict)
--- <exception caught here> ---
  File "/usr/lib/python2.6/dist-packages/twisted/python/log.py", line 84, in callWithLogger
    return callWithContext({"system": lp}, func, *args, **kw)
  File "/usr/lib/python2.6/dist-packages/twisted/python/log.py", line 69, in callWithContext
    return context.call({ILogContext: newCtx}, func, *args, **kw)
  File "/usr/lib/python2.6/dist-packages/twisted/python/context.py", line 59, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File "/usr/lib/python2.6/dist-packages/twisted/python/context.py", line 37, in callWithContext
    return func(*args,**kw)
  File "/usr/lib/python2.6/dist-packages/twisted/internet/selectreactor.py", line 156, in _doReadOrWrite
    self._disconnectSelectable(selectable, why, method=="doRead")
  File "/usr/lib/python2.6/dist-packages/twisted/internet/posixbase.py", line 191, in _disconnectSelectable
    selectable.readConnectionLost(f)
  File "/usr/lib/python2.6/dist-packages/twisted/internet/tcp.py", line 508, in readConnectionLost
    self.connectionLost(reason)
  File "/usr/lib/python2.6/dist-packages/twisted/internet/tcp.py", line 677, in connectionLost
    Connection.connectionLost(self, reason)
  File "/usr/lib/python2.6/dist-packages/twisted/internet/tcp.py", line 519, in connectionLost
    protocol.connectionLost(reason)
  File "/usr/lib/python2.6/dist-packages/twisted/web/http.py", line 489, in connectionLost
    self.handleResponseEnd()
  File "/pentest/web/sslstrip/sslstrip/ServerConnection.py", line 119, in handleResponseEnd
    HTTPClient.handleResponseEnd(self)
  File "/usr/lib/python2.6/dist-packages/twisted/web/http.py", line 500, in handleResponseEnd
    self.handleResponse(B)
  File "/pentest/web/sslstrip/sslstrip/ServerConnection.py", line 134, in handleResponse
    self.shutdown()
  File "/pentest/web/sslstrip/sslstrip/ServerConnection.py", line 154, in shutdown
    self.client.finish()
  File "/usr/lib/python2.6/dist-packages/twisted/web/http.py", line 900, in finish
    "Request.finish called on a request after its connection was lost; "
exceptions.RuntimeError: Request.finish called on a request after its connection was lost; use Request.notifyFinish to keep track of this.
Traceback (most recent call last):
  File "./sslstrip.py", line 105, in main
    reactor.run()
  File "/usr/lib/python2.6/dist-packages/twisted/internet/base.py", line 1170, in run
    self.mainLoop()
  File "/usr/lib/python2.6/dist-packages/twisted/internet/base.py", line 1182, in mainLoop
    self.doIteration(t)
  File "/usr/lib/python2.6/dist-packages/twisted/internet/selectreactor.py", line 140, in doSelect
    _logrun(selectable, _drdw, selectable, method, dict)
--- <exception caught here> ---
  File "/usr/lib/python2.6/dist-packages/twisted/python/log.py", line 84, in callWithLogger
    return callWithContext({"system": lp}, func, *args, **kw)
  File "/usr/lib/python2.6/dist-packages/twisted/python/log.py", line 69, in callWithContext
    return context.call({ILogContext: newCtx}, func, *args, **kw)
  File "/usr/lib/python2.6/dist-packages/twisted/python/context.py", line 59, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File "/usr/lib/python2.6/dist-packages/twisted/python/context.py", line 37, in callWithContext
    return func(*args,**kw)
  File "/usr/lib/python2.6/dist-packages/twisted/internet/selectreactor.py", line 156, in _doReadOrWrite
    self._disconnectSelectable(selectable, why, method=="doRead")
  File "/usr/lib/python2.6/dist-packages/twisted/internet/posixbase.py", line 191, in _disconnectSelectable
    selectable.readConnectionLost(f)
  File "/usr/lib/python2.6/dist-packages/twisted/internet/tcp.py", line 508, in readConnectionLost
    self.connectionLost(reason)
  File "/usr/lib/python2.6/dist-packages/twisted/internet/tcp.py", line 677, in connectionLost
    Connection.connectionLost(self, reason)
  File "/usr/lib/python2.6/dist-packages/twisted/internet/tcp.py", line 519, in connectionLost
    protocol.connectionLost(reason)
  File "/usr/lib/python2.6/dist-packages/twisted/web/http.py", line 489, in connectionLost
    self.handleResponseEnd()
  File "/pentest/web/sslstrip/sslstrip/ServerConnection.py", line 119, in handleResponseEnd
    HTTPClient.handleResponseEnd(self)
  File "/usr/lib/python2.6/dist-packages/twisted/web/http.py", line 500, in handleResponseEnd
    self.handleResponse(B)
  File "/pentest/web/sslstrip/sslstrip/ServerConnection.py", line 134, in handleResponse
    self.shutdown()
  File "/pentest/web/sslstrip/sslstrip/ServerConnection.py", line 154, in shutdown
    self.client.finish()
  File "/usr/lib/python2.6/dist-packages/twisted/web/http.py", line 900, in finish
    "Request.finish called on a request after its connection was lost; "
exceptions.RuntimeError: Request.finish called on a request after its connection was lost; use Request.notifyFinish to keep track of this.


I received this comment from the man himself...

"Both use HSTS headers now, so if you're using a browser that supports them (like Chrome), there's no opportunity for sslstrip to do anything. That output is from Twisted, and it doesn't indicate any actual problem."

UPDATE1:

http://www.owasp.or...nsport_Security

UPDATE2:

SSLStrip still works against Safari

Definitely broken with FF and Chrome tho : (

Now what?

UPDATE3:

"HSTS fixes this problem by informing the browser that connections to the site should always use SSL. Of course, the HSTS header can be stripped by the attacker if this is the user's first visit. Chrome attempts to limit this problem by including a hard-coded list of HSTS sites.[11] Unfortunately this solution cannot scale to include all websites on the internet; a more workable solution can be achieved by including HSTS data inside DNS records, and accessing them securely via DNSSEC."

Thanks for following through on this Diggler! I was just going to get into sslstrip this weekend, so this is some great food for thought. Thanks very much

telot
