thaihenry Posted June 19, 2012 Share Posted June 19, 2012 According to moxie, these are the changes that he made: Changes in 0.8 (04/24/11) Major speed enhancements. Compatibility changes for recent versions of twisted. Support for stripping URLs with explicit port specifications (ie: foo.com:443) A number of small bug fixes. Changes in 0.7 (12/18/09) Fixed a minor bug that could prevent favicon spoofing from working correctly (thanks Simon Nicolussi). Changes in 0.6 (9/22/09) Fixed a silly bug in specifing the listen port with -l Here is how to get is working: cd /usb wget http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.8.tar.gz tar xfv ssl* cd ssl* You can either run sslstrip version 8 directly or you can install it in the system. to run without installing: iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 10000 python sslstrip.py -k -f -w /usb/sslstrip.log I like to use screen so that I can run sslstrip in one screen and then see the output in other: tail /usb/sslstrip.log -f to install sslstrip: python setup.py install hey what command are you using to install version 8? and do you think it is faster/better? Quote Link to comment Share on other sites More sharing options...
PineDominator Posted June 19, 2012 Share Posted June 19, 2012 thanks thaihenry I didn't think of just trying the actual python script for newer versions I guess you have to install all the dependency's still Quote Link to comment Share on other sites More sharing options...
thaihenry Posted June 19, 2012 Share Posted June 19, 2012 Just in case someone can take this further, this is the error message when running version 9 after a few seconds: sslstrip 0.9 by Moxie Marlinspike running... Traceback (most recent call last): File "/opt/usr/lib/python2.7/site-packages/twisted/python/log.py", line 48, in callWithLogger return callWithContext({"system": lp}, func, *args, **kw) File "/opt/usr/lib/python2.7/site-packages/twisted/python/log.py", line 33, in callWithContext return context.call({ILogContext: newCtx}, func, *args, **kw) File "/opt/usr/lib/python2.7/site-packages/twisted/python/context.py", line 59, in callWithContext return self.currentContext().callWithContext(ctx, func, *args, **kw) File "/opt/usr/lib/python2.7/site-packages/twisted/python/context.py", line 37, in callWithContext return func(*args,**kw) --- <exception caught here> --- File "/opt/usr/lib/python2.7/site-packages/twisted/internet/selectreactor.py", line 139, in _doReadOrWrite why = getattr(selectable, method)() File "/opt/usr/lib/python2.7/site-packages/twisted/internet/tcp.py", line 362, in doRead return self.protocol.dataReceived(data) File "/opt/usr/lib/python2.7/site-packages/twisted/protocols/basic.py", line 232, in dataReceived why = self.lineReceived(line) File "/opt/usr/lib/python2.7/site-packages/twisted/web/http.py", line 388, in lineReceived self.handleHeader(key, val) File "/usb/sslstrip-0.9/sslstrip/ServerConnection.py", line 98, in handleHeader self.client.responseHeaders.addRawHeader(key, value) exceptions.AttributeError: ClientRequest instance has no attribute 'responseHeaders' Quote Link to comment Share on other sites More sharing options...
thaihenry Posted June 19, 2012 Share Posted June 19, 2012 (edited) To answer my own post and get the latest version of sslstrip (v.9) working: Comment out lines 97 and line 98 of ServerConnection.py in the sslstrip sub-folder. # elif (key.lower() == 'set-cookie'): # self.client.responseHeaders.addRawHeader(key, value) However I have tested vesions 6-9 of sslstrip, while version 8 and 9 work, there is a problem (only on openwrt) that prevents the web page being loaded after passwords have been captured. most likely because "Compatibility changes for recent versions of twisted" Which means that twisted is not the latest version on openwrt. Versions 6-7 work fine. Also killsessions that never worked properly for me on versions 8 and 9 does seem to work good on 6 and 7! Just in case someone can take this further, this is the error message when running version 9 after a few seconds: sslstrip 0.9 by Moxie Marlinspike running... Traceback (most recent call last): File "/opt/usr/lib/python2.7/site-packages/twisted/python/log.py", line 48, in callWithLogger return callWithContext({"system": lp}, func, *args, **kw) File "/opt/usr/lib/python2.7/site-packages/twisted/python/log.py", line 33, in callWithContext return context.call({ILogContext: newCtx}, func, *args, **kw) File "/opt/usr/lib/python2.7/site-packages/twisted/python/context.py", line 59, in callWithContext return self.currentContext().callWithContext(ctx, func, *args, **kw) File "/opt/usr/lib/python2.7/site-packages/twisted/python/context.py", line 37, in callWithContext return func(*args,**kw) --- <exception caught here> --- File "/opt/usr/lib/python2.7/site-packages/twisted/internet/selectreactor.py", line 139, in _doReadOrWrite why = getattr(selectable, method)() File "/opt/usr/lib/python2.7/site-packages/twisted/internet/tcp.py", line 362, in doRead return self.protocol.dataReceived(data) File "/opt/usr/lib/python2.7/site-packages/twisted/protocols/basic.py", line 232, in dataReceived why = self.lineReceived(line) File "/opt/usr/lib/python2.7/site-packages/twisted/web/http.py", line 388, in lineReceived self.handleHeader(key, val) File "/usb/sslstrip-0.9/sslstrip/ServerConnection.py", line 98, in handleHeader self.client.responseHeaders.addRawHeader(key, value) exceptions.AttributeError: ClientRequest instance has no attribute 'responseHeaders' Edited June 19, 2012 by thaihenry Quote Link to comment Share on other sites More sharing options...
Nextria Posted June 26, 2012 Share Posted June 26, 2012 Hey, Maybe a stupid question, but can we run SSLstrip and Urlsnarf at the same time ? Or can we just run one of them ? regards nextria Quote Link to comment Share on other sites More sharing options...
thaihenry Posted June 27, 2012 Share Posted June 27, 2012 urlsnarf listens only on port 80 and 8080. Once you start sslstrip, traffic is redirected to port 10000 by default, so urlsnarf does not see any traffic. I have not tried it, but get sslstrip to run on port 8080, urlsnarf may then pick up the traffic. Hey, Maybe a stupid question, but can we run SSLstrip and Urlsnarf at the same time ? Or can we just run one of them ? regards nextria Quote Link to comment Share on other sites More sharing options...
comfree Posted June 28, 2012 Share Posted June 28, 2012 Hi, I have a problem with the autostart of the sslstrip module. I aktivated the autostart function, but nothing is going to happen. I reinstalled twice, looked at the autostart.sh but its still not working. I think its working until the iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000 line. I added iptables -t nat -D PREROUTING 1 to the autostart script to get my webinterface back. Everything works fine except the sslstrip -k -f -w ${MYPATH}log/output_${MYTIME}.log 2>&1 & command. At least I think there is the problem... annyone else got that issue? Or can help me fix that? Sslstrip and the module are both installed the my usb drive, I got swap running and starting the sslstrip by hand works like a charm. Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted June 29, 2012 Author Share Posted June 29, 2012 Have you correctly installed SSLstrip program (not the module) ? The command: iptables -t nat -D PREROUTING 1 deletes the rule which forwards all the traffic to SSLstrip, therefore, you won't capture anything if you issue this command. So don't add it to the script, it is useless definitely... Quote Link to comment Share on other sites More sharing options...
BigFanOHak5 Posted July 5, 2012 Share Posted July 5, 2012 I'm a bit confused on the sslstrip module. If I install it via the pineapple bar, do I need to do anything else or does the module auto installs all the things needed to make it work? I keep seeing threads popping up about fixing ip tables and such. Just want to know before I install it via pineapple bar. thanks Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted July 6, 2012 Author Share Posted July 6, 2012 The module configures and installs all you need to be up and running :) Quote Link to comment Share on other sites More sharing options...
rffs Posted July 14, 2012 Share Posted July 14, 2012 hello, sslstrip works like a charm :D great work thanks Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted July 14, 2012 Author Share Posted July 14, 2012 Thanks for your report ;) Quote Link to comment Share on other sites More sharing options...
PineDominator Posted July 14, 2012 Share Posted July 14, 2012 Thanks for your report ;) WM I was testing the module on myself and I found out that my banks website truncates the password down to 8 charecters:-( because of your module I now save time when inputting my password:-D lol Quote Link to comment Share on other sites More sharing options...
WatskeBart Posted July 15, 2012 Share Posted July 15, 2012 WM I was testing the module on myself and I found out that my banks website truncates the password down to 8 charecters:-( because of your module I now save time when inputting my password:-D lol Hoorah for token login based banks :) Quote Link to comment Share on other sites More sharing options...
Marlboro Filter Posted August 25, 2012 Share Posted August 25, 2012 WM, i just installed the latest sslstrip module from pineapple bar to usb, but it seems the page freeze at "installing SSLstrip....." progress. i already wait almost 2 hours but the page still freeze, is it ok to refresh the page? If i open it in a new tab it stated sslstrip already installed. I used fw : 2.6.1 mk4 Please help thanks Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted August 25, 2012 Author Share Posted August 25, 2012 You can close or refresh the page. If then it says that it's installed, you should good to go ;) Quote Link to comment Share on other sites More sharing options...
thaihenry Posted September 15, 2012 Share Posted September 15, 2012 For anyone interested, I got sslstrip .9 working by remarking the following lines so that the deprecate module is not requried: nano /opt/usr/lib/python2.7/site-packages/twisted/web/__init__.py # -*- test-case-name: twisted.web.test -*- # Copyright © Twisted Matrix Laboratories. # See LICENSE for details. """ Twisted Web: a L{web server} (including an L{HTTP implementation} and a L{resource model}) and a L{web client}. """ from twisted.web._version import version from twisted.python.versions import Version #from twisted.python.deprecate import deprecatedModuleAttribute __version__ = version.short() #deprecatedModuleAttribute( # Version('Twisted', 11, 1, 0), # "Google module is deprecated. Use Google's API instead", # __name__, "google") Quote Link to comment Share on other sites More sharing options...
PineDominator Posted September 15, 2012 Share Posted September 15, 2012 For anyone interested, I got sslstrip .9 working by remarking the following lines so that the deprecate module is not requried: thaihenry do you find it better than using .7? Quote Link to comment Share on other sites More sharing options...
pineapples4fun Posted September 22, 2012 Share Posted September 22, 2012 Having difficulty getting this module to work. Running Firmware: 2.6.4 SSLstrip version: 2.3 (installed to USB) I attempt to start sslstrip and it will just turn off after 20 seconds or so (from the WebUI). I get the following error via command line: root@Pineapple:~# /usb/usr/bin/sslstripTraceback (most recent call last): File "/usb/usr/bin/sslstrip", line 27, in <module> from twisted.web import http File "/usb/usr/lib/python2.7/site-packages/twisted/web/http.py", line 36, in <module> from twisted.internet import interfaces, reactor, protocol, address, taskEOFError: EOF read where object expected[/CODE]Hopefully somebody knows a fix for this. I tried to search and have attempted a few work arounds but no such luck thus far.Thanks Quote Link to comment Share on other sites More sharing options...
PineDominator Posted September 22, 2012 Share Posted September 22, 2012 Having difficulty getting this module to work. Running Firmware: 2.6.4 SSLstrip version: 2.3 (installed to USB) I attempt to start sslstrip and it will just turn off after 20 seconds or so (from the WebUI). I get the following error via command line: root@Pineapple:~# /usb/usr/bin/sslstripTraceback (most recent call last):File "/usb/usr/bin/sslstrip", line 27, in <module>from twisted.web import httpFile "/usb/usr/lib/python2.7/site-packages/twisted/web/http.py", line 36, in <module>from twisted.internet import interfaces, reactor, protocol, address, taskEOFError: EOF read where object expected[/CODE]Hopefully somebody knows a fix for this. I tried to search and have attempted a few work arounds but no such luck thus far.Thanksis usb swap working? go to resources tab and see if it shows the block size Quote Link to comment Share on other sites More sharing options...
pineapples4fun Posted September 22, 2012 Share Posted September 22, 2012 is usb swap working? go to resources tab and see if it shows the block size Here's my swap/df/usb info. Quote Link to comment Share on other sites More sharing options...
pineapples4fun Posted September 25, 2012 Share Posted September 25, 2012 (edited) So a small update. I'm not sure what caused my error but I traced it down to http.py. After comparing my backtrack http.py from twisted to the current I noticed a minor difference on the line that was erroring out. Before: # twisted importsfrom twisted.internet import interfaces, reactor, protocol, address, task[/CODE]After:[CODE]# twisted importsfrom twisted.internet import interfaces, reactor, protocol, address[/CODE]Basically I removed the importing of the task portion.Since then, sslstrip fires up fine. While I do know python I am not familiar enough with the twisted suite to know if the task portion of the module is needed. We'll see if I get any errors. root@Pineapple:/usb/usr/lib/python2.7/site-packages/twisted/web# sslstrip sslstrip 0.6 by Moxie Marlinspike running... Edited September 25, 2012 by pineapples4fun Quote Link to comment Share on other sites More sharing options...
pineapples4fun Posted September 28, 2012 Share Posted September 28, 2012 So while I was successful in getting ssltrip to not crash when started the workaround isn't worth while. Removing that module from http.py caused the local webserver to stop running (that handles non-management web services it appears, such as phishing). So as a result I had to put it back and I'm in the same boat as before. This is a new install but I went ahead and did a reset, uninstalled all modules and tried again, same error. Nobody else is getting this error? This was a fresh install running the latest firmware, downloading the latest sslstrip module from the opkg. Quote Link to comment Share on other sites More sharing options...
PineDominator Posted October 9, 2012 Share Posted October 9, 2012 NEW findings! Ok so I was testing some stuff out and found in order to get the fake lock.ico icon to show in the users browser when being stripped I had to issue ln -s /usb/usr/share/sslstrip/ /usr/share/sslstrip[/CODE]Full sslstrip install[CODE]opkg updateopkg --dest usb install sslstripln -s /usb/usr/lib/python2.7 /usr/lib/python2.7touch /usb/usr/lib/python2.7/site-packages/zope/__init__.pyln -s /usb/usr/share/sslstrip/ /usr/share/sslstrip[/CODE]Now I was also testing the (64MB Hornet board) and can see from a fresh start I have 36MB free instead of the usual 4 to 6MB (32MB Hornet board). running sslstrip immediately takes about 16MB. It seems to perform a little bit faster. Quote Link to comment Share on other sites More sharing options...
pineapples4fun Posted October 10, 2012 Share Posted October 10, 2012 (edited) Well, update.. I jumped over to the #twisted.web channel and a friendly twisted guru pinpointed my issue to a compiled python file. He had me remove my .pyc files for twisted and it fires right up now. find /usb/usr/lib/python2.7/site-packages/twisted/ -name '*.pyc' -print0 | xargs -0 rm -i[/CODE]Hopefully it helps someone else if they run into this issue. Edited October 10, 2012 by pineapples4fun Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.