Jump to content

Sslstrip Redirect For Non Pineapple Interface Traffic


xiolo
 Share

Recommended Posts

Hi all

I have an MKIV running the latest firmware 2.3.1 and with a usb/swap correctly setup.

I am getting an internet connection via the POE/LAN interface (natting router with an IP of 172.16.42.42), and this all out of the box!

So happy getting Internet connectivity through wireless (connecting to pineapple SSID);

So now I have installed sslstrip via the Pineapple Bar gui, and this my issue:

1) When I am hitting 172.16.42.1 (the pineapple itself), I can see the sslstrip log files filling fine on the usb drive (/usb/data/sslstrip/log/output_XXXX.log) for the refreshed pineapple web gui itself.

2) When I am browsing the web, the connection goes straight through (does not get redirected to tcp 10000 I presume?), and obviously no logs in the ssltrip logs.

sslstrip seems to be running fine on ps -ef | grep sslstrip shows the python /usr/bin/sslstrip -a -k -f -w ... running fine.

Any suggestions? I think I am losing my sanity on this :-)

Link to comment
Share on other sites

See my earlier post on this. By default iptables does not work on a bridge interface for openwrt. see my earlier post on sslstrip on how to fix that.

Frankly I don't see how anyone can get sslstrip working on the Jasager without this fix.

Edited by thaihenry
Link to comment
Share on other sites

See my earlier post on this. By default iptables does not work on a bridge interface for openwrt. see my earlier post on sslstrip on how to fix that.

Frankly I don't see how anyone can get sslstrip working on the Jasager without this fix.

Thanks

Already tried your solution by editing sysctl.conf:

# disable bridge firewalling by default

net.bridge.bridge-nf-call-arptables=1

net.bridge.bridge-nf-call-ip6tables=1

net.bridge.bridge-nf-call-iptables=1

but it look like openwrt does not have support built in for enabling these options (reloading sysctl.conf gives an error message with these keys not being supported).

So no bridging I am afraid with an ethernet interface for me at the moment.

On the other hand, tethering an android phone (usb0), and the built-in sslstrip (from the modules webui) work fine, after entering the following iptables rules:

iptables -t nat -A POSTROUTING -s 172.16.42.0/24 -o usb0 -j MASQUERADE

iptables -A FORWARD -s 172.16.42.0/24 -o usb0 -j ACCEPT

iptables -A FORWARD -d 172.16.42.0/24 -m state --state ESTABLISHED,RELATED -i usb0 -j ACCEPT

Link to comment
Share on other sites

Interesting, I definitely have it working on my wr703n with the latest version of openwrt (development). I am pretty sure I had it working on the Mark4 also.

Did you reboot? I wonder if there are different versions of the firmware? Is your linux version 3.3?

Edited by thaihenry
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...