Jump to content

Sslstrip Not Working With Gmail & Twitter


Recommended Posts

Hey Guys,

Can anyone confirm the same results?

When testing in my lab SSLStrip works/doesn't work with the following sites:

NOTE: client browser Google chrome 17.0.963.33 beta on mac os x

YES

-linkedin.com

-facebook.com

NO

-mail.google.com

-twitter.com

If other's get the same result. Could it be that the big co's have found a way to prevent the attack?

I get the following error output from SSLStrip after visiting GMAIL.

MK3 AP51 v2.0.1 /w BT5R1

cd /pentest/web/sslstrip

chmod +x sslstrip.py

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

./sslstrip.py -l 10000 -k -f

tail -f sslstrip.log


root@bt:~/pentest# cd /pentest/web/sslstrip/
root@bt:/pentest/web/sslstrip# iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
root@bt:/pentest/web/sslstrip# ./sslstrip.py -l 10000 -k -f

sslstrip 0.9 by Moxie Marlinspike running...
Traceback (most recent call last):
  File "./sslstrip.py", line 105, in main
    reactor.run()
  File "/usr/lib/python2.6/dist-packages/twisted/internet/base.py", line 1170, in run
    self.mainLoop()
  File "/usr/lib/python2.6/dist-packages/twisted/internet/base.py", line 1182, in mainLoop
    self.doIteration(t)
  File "/usr/lib/python2.6/dist-packages/twisted/internet/selectreactor.py", line 140, in doSelect
    _logrun(selectable, _drdw, selectable, method, dict)
--- <exception caught here> ---
  File "/usr/lib/python2.6/dist-packages/twisted/python/log.py", line 84, in callWithLogger
    return callWithContext({"system": lp}, func, *args, **kw)
  File "/usr/lib/python2.6/dist-packages/twisted/python/log.py", line 69, in callWithContext
    return context.call({ILogContext: newCtx}, func, *args, **kw)
  File "/usr/lib/python2.6/dist-packages/twisted/python/context.py", line 59, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File "/usr/lib/python2.6/dist-packages/twisted/python/context.py", line 37, in callWithContext
    return func(*args,**kw)
  File "/usr/lib/python2.6/dist-packages/twisted/internet/selectreactor.py", line 156, in _doReadOrWrite
    self._disconnectSelectable(selectable, why, method=="doRead")
  File "/usr/lib/python2.6/dist-packages/twisted/internet/posixbase.py", line 191, in _disconnectSelectable
    selectable.readConnectionLost(f)
  File "/usr/lib/python2.6/dist-packages/twisted/internet/tcp.py", line 508, in readConnectionLost
    self.connectionLost(reason)
  File "/usr/lib/python2.6/dist-packages/twisted/internet/tcp.py", line 677, in connectionLost
    Connection.connectionLost(self, reason)
  File "/usr/lib/python2.6/dist-packages/twisted/internet/tcp.py", line 519, in connectionLost
    protocol.connectionLost(reason)
  File "/usr/lib/python2.6/dist-packages/twisted/web/http.py", line 489, in connectionLost
    self.handleResponseEnd()
  File "/pentest/web/sslstrip/sslstrip/ServerConnection.py", line 119, in handleResponseEnd
    HTTPClient.handleResponseEnd(self)
  File "/usr/lib/python2.6/dist-packages/twisted/web/http.py", line 500, in handleResponseEnd
    self.handleResponse(B)
  File "/pentest/web/sslstrip/sslstrip/ServerConnection.py", line 134, in handleResponse
    self.shutdown()
  File "/pentest/web/sslstrip/sslstrip/ServerConnection.py", line 154, in shutdown
    self.client.finish()
  File "/usr/lib/python2.6/dist-packages/twisted/web/http.py", line 900, in finish
    "Request.finish called on a request after its connection was lost; "
exceptions.RuntimeError: Request.finish called on a request after its connection was lost; use Request.notifyFinish to keep track of this.
Traceback (most recent call last):
  File "./sslstrip.py", line 105, in main
    reactor.run()
  File "/usr/lib/python2.6/dist-packages/twisted/internet/base.py", line 1170, in run
    self.mainLoop()
  File "/usr/lib/python2.6/dist-packages/twisted/internet/base.py", line 1182, in mainLoop
    self.doIteration(t)
  File "/usr/lib/python2.6/dist-packages/twisted/internet/selectreactor.py", line 140, in doSelect
    _logrun(selectable, _drdw, selectable, method, dict)
--- <exception caught here> ---
  File "/usr/lib/python2.6/dist-packages/twisted/python/log.py", line 84, in callWithLogger
    return callWithContext({"system": lp}, func, *args, **kw)
  File "/usr/lib/python2.6/dist-packages/twisted/python/log.py", line 69, in callWithContext
    return context.call({ILogContext: newCtx}, func, *args, **kw)
  File "/usr/lib/python2.6/dist-packages/twisted/python/context.py", line 59, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File "/usr/lib/python2.6/dist-packages/twisted/python/context.py", line 37, in callWithContext
    return func(*args,**kw)
  File "/usr/lib/python2.6/dist-packages/twisted/internet/selectreactor.py", line 156, in _doReadOrWrite
    self._disconnectSelectable(selectable, why, method=="doRead")
  File "/usr/lib/python2.6/dist-packages/twisted/internet/posixbase.py", line 191, in _disconnectSelectable
    selectable.readConnectionLost(f)
  File "/usr/lib/python2.6/dist-packages/twisted/internet/tcp.py", line 508, in readConnectionLost
    self.connectionLost(reason)
  File "/usr/lib/python2.6/dist-packages/twisted/internet/tcp.py", line 677, in connectionLost
    Connection.connectionLost(self, reason)
  File "/usr/lib/python2.6/dist-packages/twisted/internet/tcp.py", line 519, in connectionLost
    protocol.connectionLost(reason)
  File "/usr/lib/python2.6/dist-packages/twisted/web/http.py", line 489, in connectionLost
    self.handleResponseEnd()
  File "/pentest/web/sslstrip/sslstrip/ServerConnection.py", line 119, in handleResponseEnd
    HTTPClient.handleResponseEnd(self)
  File "/usr/lib/python2.6/dist-packages/twisted/web/http.py", line 500, in handleResponseEnd
    self.handleResponse(B)
  File "/pentest/web/sslstrip/sslstrip/ServerConnection.py", line 134, in handleResponse
    self.shutdown()
  File "/pentest/web/sslstrip/sslstrip/ServerConnection.py", line 154, in shutdown
    self.client.finish()
  File "/usr/lib/python2.6/dist-packages/twisted/web/http.py", line 900, in finish
    "Request.finish called on a request after its connection was lost; "
exceptions.RuntimeError: Request.finish called on a request after its connection was lost; use Request.notifyFinish to keep track of this.

Edited by diggler
Link to comment
Share on other sites

I received this comment from the man himself...

"Both use HSTS headers now, so if you're using a browser that supports them (like Chrome), there's no opportunity for sslstrip to do anything. That output is from Twisted,and it doesn't indicate any actual problem."

UPDATE1:

http://www.owasp.or...nsport_Security

UPDATE2:

SSLStrip still works against Safari

Definitely broken with FF and Chrome tho : (

Now what?

UPDATE3:

"HSTS fixes this problem by informing the browser that connections to the site should always use SSL. Of course, the HSTS header can be stripped by the attacker if this is the user's first visit.Chrome attempts to limit this problem by including a hard-coded list of HSTS sites.[11] Unfortunately this solution cannot scale to include all websites on the internet; a more workable solution can be achieved by including HSTS data inside DNS records, and accessing them securely via DNSSEC."

Edited by diggler
Link to comment
Share on other sites

I received this comment from the man himself...

"Both use HSTS headers now, so if you're using a browser that supports them (like Chrome), there's no opportunity for sslstrip to do anything. That output is from Twisted,and it doesn't indicate any actual problem."

UPDATE1:

http://www.owasp.or...nsport_Security

UPDATE2:

SSLStrip still works against Safari

Definitely broken with FF and Chrome tho : (

Now what?

UPDATE3:

"HSTS fixes this problem by informing the browser that connections to the site should always use SSL. Of course, the HSTS header can be stripped by the attacker if this is the user's first visit.Chrome attempts to limit this problem by including a hard-coded list of HSTS sites.[11] Unfortunately this solution cannot scale to include all websites on the internet; a more workable solution can be achieved by including HSTS data inside DNS records, and accessing them securely via DNSSEC."

Thanks for following through on this Diggler! I was just going to get into sslstrip this weekend, so this is some great food for thought. Thanks very much

telot

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...