Jump to content

Recommended Posts

Posted (edited)

Will it log https logins then?

For me it works perfectly. As a side note I have used sslstrip for a long time and I have never forwarded port 443. Also strait off the authors site:

"

Running sslstrip

  • Flip your machine into forwarding mode. (echo "1" > /proc/sys/net/ipv4/ip_forward)
  • Setup iptables to redirect HTTP traffic to sslstrip. (iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>

"

Edited by itsm0ld
Posted

It's working well for me with both port 80 and 443 being forwarded. Kind of interesting how some people have it working with port 443 forwarded and some without 443 forwarding.

My problem with sslstrip and urlsnarf is if I'm running sslstrip and port 80 traffic is being redirected to port 10000, how can urlsnarf get to that traffic. I've tried running both at the same time. I get entries in sslstrip logs but blank urlsnarf logs.

Posted (edited)

I cant capture twitter logins, i get to the real legit twitter loginpage.

And second i getting alot of rubbish data in the logs lite the below:


CA3@=衱zSwdFg[?J࿁%=2<pq| $!ݏ@HP
TD]vIA82C3`]ڦa*v
1`c6h! ?zf(Мޏ(j#aъAФ>R`9FBDӮGg&1wAyP}?֥5AKr_Έ"V}2:`>&b2͸<?*!H
-KIbQ:G,2ap`G\L` >Cj0'{j%(|T0PdA`Ō9s(8[?tkn$ڭQ%N<poG#Gy!\<pqGFro3۠QGأ>(ZOMmpax
*íߪS譢V?ˌ=,vO߬#ǤѡA\bnPQ#?!`0[?gf@EDGPZPqar:V;oAS,Cy %op0׍][az6coj~o$H 4zh4A>]%
m@soItr಩L5q
-7
'cb޻IN44x뷷+{ۺU%DRQ
/9p`x0>~:Aqp`x0RR*o B`C䐽 !pAXPg;(6!pqv0<omK.TeHEU@р]z8>āE%lFAoS)ߞKi-17n[glkjxTCR{}v[oӧ`E}
azES7[4L1-
[q2exZFO礽rnJ}>Eܨ!ԉS_ݲpp{cyBÓaX{*u7u=wCKhy$KaԬ?br
jjf7\'͈V{Oyt] qNKx=O#$SsדVI[3Qtfw@N$+Zܙ)ե,P:?bBr9#`!%VĔVOWQ*4"MO'.sl
[/CODE]

Whats up with that?

Edited by amoeba
Posted

I know that some pages run a simple java app that encodes the POST data even over https just to obfuscate it more. I don't know if that is what you are seeing or not. There was some talk about a clever way to get around this but I don't remember the topic name it came up kinda as a side note.

Does it allow you to login? Are you testing with a valid account?

Posted

I know that some pages run a simple java app that encodes the POST data even over https just to obfuscate it more. I don't know if that is what you are seeing or not. There was some talk about a clever way to get around this but I don't remember the topic name it came up kinda as a side note.

Does it allow you to login? Are you testing with a valid account?

Yes it does let me login, no pronlem there, but it seems like its not stipping https correctly on some sites?

Posted

I know that some pages run a simple java app that encodes the POST data even over https just to obfuscate it more. I don't know if that is what you are seeing or not. There was some talk about a clever way to get around this but I don't remember the topic name it came up kinda as a side note.

Does it allow you to login? Are you testing with a valid account?

WM is working on a keyloger module that will use ettercap, this should do the trick.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...