Full Sslstrip Guide

[itsm0ld]

I found that this guide worked perfectly if you just remove the entire line for 443.

[amoeba]

I found that this guide worked perfectly if you just remove the entire line for 443.

Will it log https logins then?

[itsm0ld]

Will it log https logins then?

For me it works perfectly. As a side note I have used sslstrip for a long time and I have never forwarded port 443. Also strait off the authors site:

"

Running sslstrip

• Flip your machine into forwarding mode. (echo "1" > /proc/sys/net/ipv4/ip_forward)
  
• Setup iptables to redirect HTTP traffic to sslstrip. (iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>
  

"

Edited August 18, 2012 by itsm0ld

[7ncubane]

It's working well for me with both port 80 and 443 being forwarded. Kind of interesting how some people have it working with port 443 forwarded and some without 443 forwarding.

My problem with sslstrip and urlsnarf is if I'm running sslstrip and port 80 traffic is being redirected to port 10000, how can urlsnarf get to that traffic. I've tried running both at the same time. I get entries in sslstrip logs but blank urlsnarf logs.

[amoeba]

I cant capture twitter logins, i get to the real legit twitter loginpage.

And second i getting alot of rubbish data in the logs lite the below:

CA3@=衱zSwdFg[?J࿁%=2<pq|  $!ݏ@HP
TD]vIA82C3`]ڦa*v
1`c6h! ?zf(Мޏ(j#aъAФ>R`9FBDӮGg&1wAyP}?֥5AKr_Έ"V}2:`>&b2͸<?*!H
-KIbQ:G,2ap`G\L` >Cj0'{j%(|T0PdA`Ō9s(8[?tkn$ڭQ%N<poG#Gy!\<pqGFro3۠QGأ>(ZOMmpax
*íߪS譢V?ˌ=,vO߬#ǤѡA\bnPQ#?!`0[?gf@EDGPZPqar:V;oAS,Cy %op0׍][az6coj~o$H 4zh4A>]%
m@soItr಩L5q
-7
'cb޻IN44x뷷+{ۺU%DRQ
/9p`x0>~:Aqp`x0RR*o B`C䐽 !pAXPg;(6!pqv0<omK.TeHEU@р]z8>āE%lFAoS)ߞKi-17n[glkjxTCR{}v[oӧ`E}
azES7[4L1-
[q2exZFO礽rnJ}>Eܨ!ԉS_ݲpp{cyBÓaX{*u7u=wCKhy$KaԬ?br
jjf7\'͈V{Oyt] qNKx=O#$SsדVI[3Qtfw@N$+Zܙ)ե,P:?bBr9#`!%VĔVOWQ*4"MO'.sl
[/CODE]

Whats up with that?

Edited August 19, 2012 by amoeba

[itsm0ld]

I know that some pages run a simple java app that encodes the POST data even over https just to obfuscate it more. I don't know if that is what you are seeing or not. There was some talk about a clever way to get around this but I don't remember the topic name it came up kinda as a side note.

Does it allow you to login? Are you testing with a valid account?

[amoeba]

I know that some pages run a simple java app that encodes the POST data even over https just to obfuscate it more. I don't know if that is what you are seeing or not. There was some talk about a clever way to get around this but I don't remember the topic name it came up kinda as a side note.

Does it allow you to login? Are you testing with a valid account?

Yes it does let me login, no pronlem there, but it seems like its not stipping https correctly on some sites?

[Mr-Protocol]

Keep this in mind.

http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security#Applicability

[PineDominator]

I know that some pages run a simple java app that encodes the POST data even over https just to obfuscate it more. I don't know if that is what you are seeing or not. There was some talk about a clever way to get around this but I don't remember the topic name it came up kinda as a side note.

Does it allow you to login? Are you testing with a valid account?

WM is working on a keyloger module that will use ettercap, this should do the trick.