itsm0ld Posted August 18, 2012
I found that this guide worked perfectly if you just remove the entire line for 443.

amoeba Posted August 18, 2012
> I found that this guide worked perfectly if you just remove the entire line for 443.
Will it log https logins then?

itsm0ld Posted August 18, 2012
> Will it log https logins then?
For me it works perfectly. As a side note, I have used sslstrip for a long time and I have never forwarded port 443. Also, straight off the author's site:
"Running sslstrip
Flip your machine into forwarding mode. (echo "1" > /proc/sys/net/ipv4/ip_forward)
Setup iptables to redirect HTTP traffic to sslstrip. (iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>)"
Edited August 18, 2012 by itsm0ld

7ncubane Posted August 18, 2012
It's working well for me with both port 80 and 443 being forwarded. Kind of interesting how some people have it working with port 443 forwarded and some without 443 forwarding. My problem with sslstrip and urlsnarf is: if I'm running sslstrip and port 80 traffic is being redirected to port 10000, how can urlsnarf get to that traffic? I've tried running both at the same time. I get entries in the sslstrip logs but blank urlsnarf logs.

amoeba Posted August 19, 2012
I can't capture Twitter logins; I get to the real, legit Twitter login page. And second, I'm getting a lot of rubbish data in the logs, like the below:
[unreadable binary data omitted]
What's up with that?
Edited August 19, 2012 by amoeba

itsm0ld Posted August 19, 2012
I know that some pages run a simple java app that encodes the POST data even over https just to obfuscate it more. I don't know if that is what you are seeing or not. There was some talk about a clever way to get around this, but I don't remember the topic name; it came up kinda as a side note. Does it allow you to log in? Are you testing with a valid account?

amoeba Posted August 19, 2012
> I know that some pages run a simple java app that encodes the POST data even over https just to obfuscate it more. I don't know if that is what you are seeing or not. There was some talk about a clever way to get around this, but I don't remember the topic name; it came up kinda as a side note. Does it allow you to log in? Are you testing with a valid account?
Yes, it does let me log in, no problem there, but it seems like it's not stripping https correctly on some sites?

Mr-Protocol Posted August 19, 2012
Keep this in mind. http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security#Applicability

PineDominator Posted August 19, 2012
> I know that some pages run a simple java app that encodes the POST data even over https just to obfuscate it more. I don't know if that is what you are seeing or not. There was some talk about a clever way to get around this, but I don't remember the topic name; it came up kinda as a side note. Does it allow you to log in? Are you testing with a valid account?
WM is working on a keylogger module that will use ettercap; this should do the trick.