Whistle Master Posted May 5, 2012 Share Posted May 5, 2012 (edited) Hi !Since sslstrip is now working, I made a module for it Features- sslstrip log history- iptables rules automatically installed- start/stop sslstrip from uiScreenshots Edited August 5, 2013 by Whistle Master Quote Link to comment Share on other sites More sharing options...
legion Posted May 5, 2012 Share Posted May 5, 2012 · Hidden by legion, May 5, 2012 - Oops Hidden by legion, May 5, 2012 - Oops Hi ! Since sslstrip is now working, I made a module for it :) The module is still in testing phase, so as usual, if you want to beta test it, send me a PM ;) Features - sslstrip log history - logs on USB - install iptables rules from ui - start sslstrip from ui Screenshots Count me in! Link to comment
shadowmmm Posted May 5, 2012 Share Posted May 5, 2012 +1.trying to work with sslstrip and see how dns spoofing will work with SET running Quote Link to comment Share on other sites More sharing options...
WatskeBart Posted May 5, 2012 Share Posted May 5, 2012 This will be a great addition to the pineapple :) Quote Link to comment Share on other sites More sharing options...
!marvin Posted May 6, 2012 Share Posted May 6, 2012 cool, I would have a feature request :-) Would be great if iptable nat rules would be editable. Example do only NAT if source is in net x.x.x.x e.g.: iptables -t nat -A PREROUTING -p tcp -s 172.16.42.0/24 --destination-port 443 -j REDIRECT --to-ports 10000 Helps to access the port 80 webinterface if only some subnets are redirected :-) Quote Link to comment Share on other sites More sharing options...
Vulture Posted May 6, 2012 Share Posted May 6, 2012 cool, I would have a feature request :-) Would be great if iptable nat rules would be editable. Example do only NAT if source is in net x.x.x.x e.g.: iptables -t nat -A PREROUTING -p tcp -s 172.16.42.0/24 --destination-port 443 -j REDIRECT --to-ports 10000 Helps to access the port 80 webinterface if only some subnets are redirected :-) From my understanding WM has already accounted for the iptables redirect locking out the web GUI. Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted May 6, 2012 Author Share Posted May 6, 2012 From my understanding WM has already accounted for the iptables redirect locking out the web GUI. True :) I simplified to only one link (screenshots are not up-to-date) which will setup and start sslstrip. As soon as I received enough feedback, I will release the first version. Quote Link to comment Share on other sites More sharing options...
!marvin Posted May 6, 2012 Share Posted May 6, 2012 From my understanding WM has already accounted for the iptables redirect locking out the web GUI. Sorry, didn't notice that. Just saw the print screens and the feature list saying: "- iptables rules automatically installed". There were nothing mentioned regarding „customizable“ iptable settings Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted May 6, 2012 Author Share Posted May 6, 2012 (edited) Actually you can't customize the iptables rules from the UI. I prefer having a standard, simplified and working way for the moment from the UI for most of the users. I assumed advanced users can still go with ssh ;). I will maybe add a configuration section to modify the iptables command. I'm just wondering, in which case(s) you would like to customize the commands ? Edited May 6, 2012 by Whistle Master Quote Link to comment Share on other sites More sharing options...
!marvin Posted May 6, 2012 Share Posted May 6, 2012 Actually you can't customize the iptables rules from the UI. I prefer having a standard, simplified and working way for the moment from the UI for most of the users. I assumed advanced users can still go with ssh ;). I will maybe add a configuration section to modify the iptables command. I'm just wondering, in which case(s) you would like to customize the commands ? Two cases I can think about iptable customization would help: 1) I sometimes use a topology where I connect the MK4 directly to the DSL Subnet but do not use a separate PC for connection sharing (ics). Therefor I hide (masquerade) normally the WLAN subnet behind the WAN Port IP address (DSL Range) with an iptable rule (safes me from creating back routes on DSL router ). This is more to iptables directly and has more or less nothing to do with your sslstrip module I guess. But the whole thinks works perfect - also with sslstrip :) 2) Correct me if I'm wrong but if I redirect the whole traffic to port 80 I will also not be able to connect to the MK4 webinterface anymore (with any topology). So that would be a second scenario where customization of iptable would help. Maybe it would be possible to enter just a source IP range from where redirection should take place? But you are absolutely right. It can also be done by ssh. Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted May 7, 2012 Author Share Posted May 7, 2012 (edited) Regarding (2), if sslstrip is running BEFORE adding the iptables rule, you can still access the pineapple interface (you are redirected yourself through sslstrip). Correct me if I wrong, but this command would not help as we are accessing the pineapple with the IP 172.16.42.42 which is in the source subnet of this iptables rule iptables -t nat -A PREROUTING -p tcp -s 172.16.42.0/24 --destination-port 443 -j REDIRECT --to-ports 10000 except if you are accessing your pineapple from a different subnet like 192.168.1.0/24, right ? We could add the following rule to not redirect our IP to sslstrip: iptables -t nat -A PREROUTING -s 172.16.42.42 -p tcp --dport 80 -j ACCEPT And this IP could also be determined before starting sslstrip from the UI and therefore be anything else. Just a little brainstorm :) Edited May 7, 2012 by Whistle Master Quote Link to comment Share on other sites More sharing options...
!marvin Posted May 7, 2012 Share Posted May 7, 2012 Regarding (2), if sslstrip is running BEFORE adding the iptables rule, you can still access the pineapple interface (you are redirected yourself through sslstrip). Correct me if I wrong, but this command would not help as we are accessing the pineapple with the IP 172.16.42.42 which is in the source subnet of this iptables rule iptables -t nat -A PREROUTING -p tcp -s 172.16.42.0/24 --destination-port 443 -j REDIRECT --to-ports 10000 except if you are accessing your pineapple from a different subnet like 192.168.1.0/24, right ? We could add the following rule to not redirect our IP to sslstrip: iptables -t nat -A PREROUTING -s 172.16.42.42 -p tcp --dport 80 -j ACCEPT And this IP could also be determined before starting sslstrip from the UI and therefore be anything else. Just a little brainstorm :) 1) Regarding your first point (running sslstrip before IPtabel): don't want to see my own password in the log file No, serious: didn't try that but makes sense. You probably do not even have to start the script first BUT you have to start it and it should not crash, otherwise you have to use ssh or the powercycle method to access the webinterface ... 2) Don't want to correct you :) . You are correct of course. I’m connecting from a different IP as you noted but not from 172.16.42.0/24 subnet. 3) Don't know if I got your idea but then it should be iptables -t nat -A PREROUTING -s ! 172.16.42.42 -p tcp --dport 80 -j ACCEPT Not testet, but as far as I remember the "!" add an exception So it would NAT everything but the management station. Maybe there is a way to get the IP of the management host (connection log: Pineapple authpriv.notice dropbear[10456]: Password auth succeeded for 'root' from x.x.x.x) an add an auto exception for this IP just in case the management connects not from 172.16.42.42. Was also only a little brainstorming. Maybe it's getting a little too complicated now and you better add only the standard iptable rules as planed and everyone needs to change it, can change the config file where the iptable commands are defined Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted May 9, 2012 Author Share Posted May 9, 2012 · Hidden by Whistle Master, May 9, 2012 - No reason given Hidden by Whistle Master, May 9, 2012 - No reason given Hi ! Since sslstrip is now working, I made a module for it :) Features - sslstrip log history & logs can be stored on USB - iptables rules automatically installed - start/stop sslstrip from ui Screenshots Link to comment
Whistle Master Posted May 9, 2012 Author Share Posted May 9, 2012 First version sent to Seb ;) Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted May 9, 2012 Share Posted May 9, 2012 First version sent to Seb ;) ;) Deployed. Quote Link to comment Share on other sites More sharing options...
sem1845 Posted May 10, 2012 Share Posted May 10, 2012 Thanks for the great work. The module is working great. Quote Link to comment Share on other sites More sharing options...
vince2015 Posted May 11, 2012 Share Posted May 11, 2012 can someone help me... all i want to do is start up my pineapple up and start karma and start sslstrip. Quote Link to comment Share on other sites More sharing options...
shadowmmm Posted May 12, 2012 Share Posted May 12, 2012 Download from module opkg manager. Install sslstrip on usb with swap partion.launch sslstrip module. Forward logs to usb.start sslstrip. And you should be good to go Quote Link to comment Share on other sites More sharing options...
vince2015 Posted May 12, 2012 Share Posted May 12, 2012 is it possible to run dns spoof and sslstrip at the same time? Quote Link to comment Share on other sites More sharing options...
abxy007 Posted May 13, 2012 Share Posted May 13, 2012 Download from module opkg manager. Install sslstrip on usb with swap partion.launch sslstrip module. Forward logs to usb.start sslstrip. And you should be good to go how do you forward logs? Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted May 13, 2012 Author Share Posted May 13, 2012 how do you forward logs? You have a link on the main module page :) Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted May 16, 2012 Author Share Posted May 16, 2012 v1.2 is out, with autostart feature ;) Quote Link to comment Share on other sites More sharing options...
shadowmmm Posted May 28, 2012 Share Posted May 28, 2012 so after updating to the new firmware 2.1.0 and after setting up the usb correctly again and then going to the pineapple bar i installed sslstrip to usb after that i pinned the sslstrip to the hotbar when i scroll over launch it shows sslstrip.php but when i click it it brings me to redirect.php and just keeps clicking and refreshing on that. Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted May 28, 2012 Author Share Posted May 28, 2012 (edited) Can you ssh to your pineapple and see if the module is correctly installed on USB ? Post the following output: ls -la /www/pineapple/modules/ ls -la /usb/modules/ ls -la /usb/modules/sslstrip EDIT: I just tried to remove and install again the module on USB and it's working fine. I guess the problem is on your side... Edited May 28, 2012 by Whistle Master Quote Link to comment Share on other sites More sharing options...
shadowmmm Posted May 30, 2012 Share Posted May 30, 2012 k got it working yeah had to reinstall again Thx WM Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.