Jump to content

Pipe Squid Though Sslstrip


vdub
 Share

Recommended Posts

I have a dilemma. I am playing around with arp poisoning with squid to flip images and other senseless stuff. The problem is it does not work on ssl sites.

I want to run all the arp poisoned traffic though sslstrip first and then though squid before its returned to the victims browser. I currently have all port 80 traffic redirected to port 3128 for squid. However I can't seam to figure out how to send all traffic though sslstrip first. I was reading a little about chaining proxy’s but kind of got lost.

Or maybe I am completely off base and this will not work.

Any ideas?

Edited by vdub
Link to comment
Share on other sites

I have a dilemma. I am playing around with arp poisoning with squid to flip images and other senseless stuff. The problem is it does not work on ssl sites.

I want to run all the arp poisoned traffic though sslstrip first and then though squid before its returned to the victims browser. I currently have all port 80 traffic redirected to port 3128 for squid. However I can't seam to figure out how to send all traffic though sslstrip first. I was reading a little about chaining proxy’s but kind of got lost.

Or maybe I am completely off base and this will not work.

Any ideas?

IMHO, drop the proxy and read up on ettercap.

Link to comment
Share on other sites

IMHO, drop the proxy and read up on ettercap.

Will do, thanks for the tip.

I honestly have abandoned the entire experiment until I have more time to devote to it. I played with it for about a week and did some really cool stuff but the ssl really put the brakes on it. many sites are starting to use ssl. Like Google for instance is running everything though ssl now.

Basically what I am doing is trying to get the android app "network spoofer" working in native Linux. So far I have it working great and have written quite a few scripts that go way beyond what the Android app does. My favorite one uses archive.org to make every site the user visits the way it looked in 2000. Its funny as hell but ssl has really been messing up the fun. That's why I want to make ssl strip work along side squid.

Its just one of those time wasters that I think would be fun to play with but another problem I am having is the scripts are almost to much for my netbook to handle. Like the time machine scrip crashes after a few minutes and arpspoof stops working. Once I get some important work caught up I will devote some more time to it and actually write a paper on what I am doing. What would be really cool is if this could be used with a pineapple to really cause some trouble. I still need to purchase myself a pineapple but right now I cant justify the cost. Maybe once I start working on this project again I will have a reason to get one.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...