Jump to content

Sslstrip


Recommended Posts

According to moxie, these are the changes that he made:

Changes in 0.8 (04/24/11)

Major speed enhancements.

Compatibility changes for recent versions of twisted.

Support for stripping URLs with explicit port specifications (ie: foo.com:443)

A number of small bug fixes.

Changes in 0.7 (12/18/09)

Fixed a minor bug that could prevent favicon spoofing from working correctly (thanks Simon Nicolussi).

Changes in 0.6 (9/22/09)

Fixed a silly bug in specifing the listen port with -l

Here is how to get is working:

cd /usb

wget http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.8.tar.gz

tar xfv ssl*

cd ssl*

You can either run sslstrip version 8 directly or you can install it in the system.

to run without installing:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 10000

python sslstrip.py -k -f -w /usb/sslstrip.log

I like to use screen so that I can run sslstrip in one screen and then see the output in other:

tail /usb/sslstrip.log -f

to install sslstrip:

python setup.py install

hey what command are you using to install version 8? and do you think it is faster/better?

Link to comment
Share on other sites

  • Replies 142
  • Created
  • Last Reply

Top Posters In This Topic

Just in case someone can take this further,

this is the error message when running version 9 after a few seconds:

sslstrip 0.9 by Moxie Marlinspike running...

Traceback (most recent call last):

File "/opt/usr/lib/python2.7/site-packages/twisted/python/log.py", line 48, in callWithLogger

return callWithContext({"system": lp}, func, *args, **kw)

File "/opt/usr/lib/python2.7/site-packages/twisted/python/log.py", line 33, in callWithContext

return context.call({ILogContext: newCtx}, func, *args, **kw)

File "/opt/usr/lib/python2.7/site-packages/twisted/python/context.py", line 59, in callWithContext

return self.currentContext().callWithContext(ctx, func, *args, **kw)

File "/opt/usr/lib/python2.7/site-packages/twisted/python/context.py", line 37, in callWithContext

return func(*args,**kw)

--- <exception caught here> ---

File "/opt/usr/lib/python2.7/site-packages/twisted/internet/selectreactor.py", line 139, in _doReadOrWrite

why = getattr(selectable, method)()

File "/opt/usr/lib/python2.7/site-packages/twisted/internet/tcp.py", line 362, in doRead

return self.protocol.dataReceived(data)

File "/opt/usr/lib/python2.7/site-packages/twisted/protocols/basic.py", line 232, in dataReceived

why = self.lineReceived(line)

File "/opt/usr/lib/python2.7/site-packages/twisted/web/http.py", line 388, in lineReceived

self.handleHeader(key, val)

File "/usb/sslstrip-0.9/sslstrip/ServerConnection.py", line 98, in handleHeader

self.client.responseHeaders.addRawHeader(key, value)

exceptions.AttributeError: ClientRequest instance has no attribute 'responseHeaders'

Link to comment
Share on other sites

To answer my own post and get the latest version of sslstrip (v.9) working:

Comment out lines 97 and line 98 of ServerConnection.py in the sslstrip sub-folder.

# elif (key.lower() == 'set-cookie'):

# self.client.responseHeaders.addRawHeader(key, value)

However I have tested vesions 6-9 of sslstrip, while version 8 and 9 work, there is a problem (only on openwrt) that prevents the web page being loaded after passwords have been captured.

most likely because "Compatibility changes for recent versions of twisted" Which means that twisted is not the latest version on openwrt.

Versions 6-7 work fine. Also killsessions that never worked properly for me on versions 8 and 9 does seem to work good on 6 and 7!

Just in case someone can take this further,

this is the error message when running version 9 after a few seconds:

sslstrip 0.9 by Moxie Marlinspike running...

Traceback (most recent call last):

File "/opt/usr/lib/python2.7/site-packages/twisted/python/log.py", line 48, in callWithLogger

return callWithContext({"system": lp}, func, *args, **kw)

File "/opt/usr/lib/python2.7/site-packages/twisted/python/log.py", line 33, in callWithContext

return context.call({ILogContext: newCtx}, func, *args, **kw)

File "/opt/usr/lib/python2.7/site-packages/twisted/python/context.py", line 59, in callWithContext

return self.currentContext().callWithContext(ctx, func, *args, **kw)

File "/opt/usr/lib/python2.7/site-packages/twisted/python/context.py", line 37, in callWithContext

return func(*args,**kw)

--- <exception caught here> ---

File "/opt/usr/lib/python2.7/site-packages/twisted/internet/selectreactor.py", line 139, in _doReadOrWrite

why = getattr(selectable, method)()

File "/opt/usr/lib/python2.7/site-packages/twisted/internet/tcp.py", line 362, in doRead

return self.protocol.dataReceived(data)

File "/opt/usr/lib/python2.7/site-packages/twisted/protocols/basic.py", line 232, in dataReceived

why = self.lineReceived(line)

File "/opt/usr/lib/python2.7/site-packages/twisted/web/http.py", line 388, in lineReceived

self.handleHeader(key, val)

File "/usb/sslstrip-0.9/sslstrip/ServerConnection.py", line 98, in handleHeader

self.client.responseHeaders.addRawHeader(key, value)

exceptions.AttributeError: ClientRequest instance has no attribute 'responseHeaders'

Edited by thaihenry
Link to comment
Share on other sites

urlsnarf listens only on port 80 and 8080. Once you start sslstrip, traffic is redirected to port 10000 by default, so urlsnarf does not see any traffic.

I have not tried it, but get sslstrip to run on port 8080, urlsnarf may then pick up the traffic.

Hey,

Maybe a stupid question, but can we run SSLstrip and Urlsnarf at the same time ?

Or can we just run one of them ?

regards

nextria

Link to comment
Share on other sites

Hi, I have a problem with the autostart of the sslstrip module.

I aktivated the autostart function, but nothing is going to happen.

I reinstalled twice, looked at the autostart.sh but its still not working.

I think its working until the

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

line.

I added

iptables -t nat -D PREROUTING 1

to the autostart script to get my webinterface back.

Everything works fine except the

sslstrip -k -f -w ${MYPATH}log/output_${MYTIME}.log 2&gt;&amp;1 &amp;

command.

At least I think there is the problem... annyone else got that issue?

Or can help me fix that?

Sslstrip and the module are both installed the my usb drive, I got swap running and starting the sslstrip by hand works like a charm.

Link to comment
Share on other sites

Have you correctly installed SSLstrip program (not the module) ?

The command: iptables -t nat -D PREROUTING 1 deletes the rule which forwards all the traffic to SSLstrip, therefore, you won't capture anything if you issue this command.

So don't add it to the script, it is useless definitely...

Link to comment
Share on other sites

I'm a bit confused on the sslstrip module. If I install it via the pineapple bar, do I need to do anything else or does the module auto installs all the things needed to make it work? I keep seeing threads popping up about fixing ip tables and such. Just want to know before I install it via pineapple bar. thanks

Link to comment
Share on other sites

  • 2 weeks later...

WM I was testing the module on myself and I found out that my banks website truncates the password down to 8 charecters:-(

because of your module I now save time when inputting my password:-D lol

Hoorah for token login based banks :)

Link to comment
Share on other sites

  • 1 month later...

WM, i just installed the latest sslstrip module from pineapple bar to usb, but it seems the page freeze at "installing SSLstrip....." progress.

i already wait almost 2 hours but the page still freeze, is it ok to refresh the page?

If i open it in a new tab it stated sslstrip already installed.

I used fw : 2.6.1 mk4

Please help thanks

Link to comment
Share on other sites

  • 3 weeks later...

For anyone interested, I got sslstrip .9 working by remarking the following lines so that the deprecate module is not requried:

nano /opt/usr/lib/python2.7/site-packages/twisted/web/__init__.py

# -*- test-case-name: twisted.web.test -*-

# Copyright © Twisted Matrix Laboratories.

# See LICENSE for details.

"""

Twisted Web: a L{web server} (including an

L{HTTP implementation} and a

L{resource model}) and

a L{web client}.

"""

from twisted.web._version import version

from twisted.python.versions import Version

#from twisted.python.deprecate import deprecatedModuleAttribute

__version__ = version.short()

#deprecatedModuleAttribute(

# Version('Twisted', 11, 1, 0),

# "Google module is deprecated. Use Google's API instead",

# __name__, "google")

Link to comment
Share on other sites

Having difficulty getting this module to work.

Running Firmware: 2.6.4

SSLstrip version: 2.3 (installed to USB)

I attempt to start sslstrip and it will just turn off after 20 seconds or so (from the WebUI).

I get the following error via command line:


root@Pineapple:~# /usb/usr/bin/sslstrip
Traceback (most recent call last):
File "/usb/usr/bin/sslstrip", line 27, in <module>
from twisted.web import http
File "/usb/usr/lib/python2.7/site-packages/twisted/web/http.py", line 36, in <module>
from twisted.internet import interfaces, reactor, protocol, address, task
EOFError: EOF read where object expected
[/CODE]

Hopefully somebody knows a fix for this. I tried to search and have attempted a few work arounds but no such luck thus far.

Thanks

Link to comment
Share on other sites

Having difficulty getting this module to work.

Running Firmware: 2.6.4

SSLstrip version: 2.3 (installed to USB)

I attempt to start sslstrip and it will just turn off after 20 seconds or so (from the WebUI).

I get the following error via command line:


root@Pineapple:~# /usb/usr/bin/sslstrip
Traceback (most recent call last):
File "/usb/usr/bin/sslstrip", line 27, in <module>
from twisted.web import http
File "/usb/usr/lib/python2.7/site-packages/twisted/web/http.py", line 36, in <module>
from twisted.internet import interfaces, reactor, protocol, address, task
EOFError: EOF read where object expected
[/CODE]

Hopefully somebody knows a fix for this. I tried to search and have attempted a few work arounds but no such luck thus far.

Thanks

is usb swap working? go to resources tab and see if it shows the block size

Link to comment
Share on other sites

So a small update. I'm not sure what caused my error but I traced it down to http.py.

After comparing my backtrack http.py from twisted to the current I noticed a minor difference on the line that was erroring out.

Before:


# twisted imports
from twisted.internet import interfaces, reactor, protocol, address, task[/CODE]

After:

[CODE]
# twisted imports
from twisted.internet import interfaces, reactor, protocol, address[/CODE]

Basically I removed the importing of the task portion.

Since then, sslstrip fires up fine. While I do know python I am not familiar enough with the twisted suite to know if the task portion of the module is needed. We'll see if I get any errors.

root@Pineapple:/usb/usr/lib/python2.7/site-packages/twisted/web# sslstrip

sslstrip 0.6 by Moxie Marlinspike running...

Edited by pineapples4fun
Link to comment
Share on other sites

So while I was successful in getting ssltrip to not crash when started the workaround isn't worth while. Removing that module from http.py caused the local webserver to stop running (that handles non-management web services it appears, such as phishing).

So as a result I had to put it back and I'm in the same boat as before. This is a new install but I went ahead and did a reset, uninstalled all modules and tried again, same error.

Nobody else is getting this error? This was a fresh install running the latest firmware, downloading the latest sslstrip module from the opkg.

Link to comment
Share on other sites

  • 2 weeks later...

NEW findings!

Ok so I was testing some stuff out and found in order to get the fake lock.ico icon to show in the users browser when being stripped I had to issue


ln -s /usb/usr/share/sslstrip/ /usr/share/sslstrip
[/CODE]

Full sslstrip install

[CODE]
opkg update
opkg --dest usb install sslstrip

ln -s /usb/usr/lib/python2.7 /usr/lib/python2.7
touch /usb/usr/lib/python2.7/site-packages/zope/__init__.py
ln -s /usb/usr/share/sslstrip/ /usr/share/sslstrip
[/CODE]

Now I was also testing the (64MB Hornet board) and can see from a fresh start I have 36MB free instead of the usual 4 to 6MB (32MB Hornet board). running sslstrip immediately takes about 16MB. It seems to perform a little bit faster.

Link to comment
Share on other sites

Well, update..

I jumped over to the #twisted.web channel and a friendly twisted guru pinpointed my issue to a compiled python file. He had me remove my .pyc files for twisted and it fires right up now.

find /usb/usr/lib/python2.7/site-packages/twisted/ -name '*.pyc' -print0 | xargs -0 rm -i[/CODE]

Hopefully it helps someone else if they run into this issue.

Edited by pineapples4fun
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...