Mk4 And Sslstrip

[satai]

Hey,

Has anyone had any luck with sslstrip running on the actual mk4 device, i installed it(to usb) and after a few tweaks got it to run, the problem is it doesn't look like IPTABLES on the device allows for port redirection so i am not able to redirect from 80 to the port SSLStrip is running on, if anyone knows of another way to do port redirection that would be really helpful

[satai]

Hey,

Has anyone had any luck with sslstrip running on the actual mk4 device, i installed it(to usb) and after a few tweaks got it to run, the problem is it doesn't look like IPTABLES on the device allows for port redirection so i am not able to redirect from 80 to the port SSLStrip is running on, if anyone knows of another way to do port redirection that would be really helpful

Little more info on this i wanted to use iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000 and run sslstrip on that port however if you try using this method you get an error :unknow option to port" digging into this package iptables-mod-nat-extra will resolve this problem and is a listed package however if you try installing that package it complains about a kernel dependancy.

[satai]

Little more info on this i wanted to use iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000 and run sslstrip on that port however if you try using this method you get an error :unknow option to port" digging into this package iptables-mod-nat-extra will resolve this problem and is a listed package however if you try installing that package it complains about a kernel dependancy.

Ok ironed all the other issues out and now left with one that i can't seem to figure out and any help would be appreciated

using this Nat RULE

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

I get the error iptables: No chain/target/match by that name.

Anyone seen this before or can give me a pointer.

Thanks

[Valsacar]

I didn't even get that far... just throws an error for me.

[satai]

I didn't even get that far... just throws an error for me.

What Error are you getting?

[Darren Shady]

I didn't even get that far... just throws an error for me.

You at least get the option, you need to update and install the package; I'm getting the same "No chain/target/match by that name" error.

To add the extra nat options;

opkg update
opkg install iptables-mod-nat-extra

[satai]

Ok so by using the new beta firmware iptables works, i can install SSLstrip and i can do the NAT forward, unfortunately a few seconds after SSL strip runs the pineapple reboots.

The updated Kernel in the beta version definitely helped the iptables issues

[telot]

Ok so by using the new beta firmware iptables works, i can install SSLstrip and i can do the NAT forward, unfortunately a few seconds after SSL strip runs the pineapple reboots.

The updated Kernel in the beta version definitely helped the iptables issues

Thats great to hear you're making progress! I'm hugely interested in getting this working as well, unfortunately I haven't been able to spend much time on it in the last week.

Bummer that it keeps rebooting though - perhaps Seb can shine some light?

telot

[bobtheman]

I would love a how to guide on this.

[satai]

I would love a how to guide on this.

Will Definitely post something once its working

[telot]

Well its been a couple weeks...anyone had any luck on the sslstrip front? If not, I'll play with it tomorrow morning when I got some pineapple time :)

telot

[legion]

Well its been a couple weeks...anyone had any luck on the sslstrip front? If not, I'll play with it tomorrow morning when I got some pineapple time :)

telot

Any luck?

[Deezer]

Any luck?

Same here. im curious. I have installed all depencies, sslstrip is starting on commmand line, but not really sure how to route traffic for it to generate stripped traffic to a eth0 port or do some phising.

[legion]

I've installed sslstrip, but when I run it, I'm getting the following error:

Traceback (most recent call last):
  File "/usb/usr/bin/sslstrip", line 27, in <module>
    from twisted.web import http
  File "/usb/usr/lib/python2.6/site-packages/twisted/__init__.py", line 22, in <module>
    raise ImportError("you need zope.interface installed "
ImportError: you need zope.interface installed (http://zope.org/Products/ZopeInterface/)

I checked and it is installed:

root@Pineapple:~# opkg install zope-interface -d usb
Package zope-interface (2.5.0-1) installed in usb is up to date.

Any ideas?

[RebelCork]

I've installed sslstrip, but when I run it, I'm getting the following error:

Traceback (most recent call last):
  File "/usb/usr/bin/sslstrip", line 27, in <module>
    from twisted.web import http
  File "/usb/usr/lib/python2.6/site-packages/twisted/__init__.py", line 22, in <module>
    raise ImportError("you need zope.interface installed "
ImportError: you need zope.interface installed (http://zope.org/Products/ZopeInterface/)

I checked and it is installed:

root@Pineapple:~# opkg install zope-interface -d usb
Package zope-interface (2.5.0-1) installed in usb is up to date.

Any ideas?

Just wondering, have you installed it to a usb drive and have you sym linked the program?

[legion]

Just wondering, have you installed it to a usb drive and have you sym linked the program?

No, but I found the solution on another site. I just had to create the missing file. Here's the command:

touch /usb/usr/lib/python2.6/site-packages/twisted/__init__.py

[elmocrispers]

Anyone else have issues with this? is there a how to on this out there somewhere?

thanks,

Elmocrispers

[telot]

Anyone else have issues with this? is there a how to on this out there somewhere?

thanks,

Elmocrispers

Nope - we still have to develop it as a community. If you'd like to give it a shot and share your results here in this thread, that'd be great! I haven't had much luck finding time to devote to it unfortunately :S Once I do I will surely post what I find. In the meantime however, please have a go at it!

telot

[elmocrispers]

Nope - we still have to develop it as a community. If you'd like to give it a shot and share your results here in this thread, that'd be great! I haven't had much luck finding time to devote to it unfortunately :S Once I do I will surely post what I find. In the meantime however, please have a go at it!

telot

Challenge accepted :)

elmocrispers

[legion]

Am I correct in thinking that the issue is with the bridged interface and iptables? Apparently this guy got it working on a vanilla openwrt box:

http://www.rodneybeede.com/sslstrip_on_OpenWRT__Linux__wireless_router.html

[Sebkinne]

I have SSLStrip working on a beta I am testing right now.

Once internal testing is complete I will post it as a beta.

If that is successful then the beta will be rolled into a release.

This does take some time as there is a lot to test. So no ETA ;)

Best,

Sebkinne

[Whistle Master]

Excellent news ! Can't wait to get the beta !

[legion]

Is it feasible to run ettercap in conjunction with sslstrip to easily snatch passwords? I've ran them together many times on a linux box without any issues. I'm just not sure how well it will work on the bridged interface.

[telot]

I have SSLStrip working on a beta I am testing right now.

Once internal testing is complete I will post it as a beta.

If that is successful then the beta will be rolled into a release.

This does take some time as there is a lot to test. So no ETA ;)

Best,

Sebkinne

Best news I've heard all day! Thanks Seb!

telot

[g4hsean]

Sebkinne, I was wondering how you got it running on the beta version that you have now? Up until now I have got almost everything working except for iptables complaining "iptables: No chain/target/match by that name." because of the --to-port(s) option. How did you bypass that issue, would you be able to share some of this info so like that we can try it out or is it something that is too risky?

I also heard that the only way to get sslstrip working is with a beta kernel that you guys are working with. When will this kernel be available to test on for us beta testers?

Thanks

Sean