Problem: Using Sslstrip With A Rogue Ap

[Ech3l0n]

I have used airbase-ng, two adapters and bridging to setup a rough AP, all is working well. I am able to connect to my rogue AP with another pc, and it passes the traffic from my rough ap on mon0 to my eth1 interface seamlessly. I am able to sniff the traffic via the at0 interface created by airbase-ng. Next I was trying to setup SSLstrip between the two interfaces to grab passwords when I came across this problem.

Turned on ipv4 forwarding:

# echo 1 > /proc/sys/net/ipv4/ip_forward

At this point the rogue ap is still working, my victim is still connected to the internet.

Next I use IP tables to forward all port 80 traffic to SSL strips default listening port of 10000.

# iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

Now I start up SSLstrip.

# python sslstrip.py -l 10000 -w sslpwords

At this point my victim loses its internet connection. Actually just port 80 that was forwarded to SSLstrip, i can still SSH etc. So the issues seems to be that SSLstrip/IP tables is not forwarding on the data. Is it possible that it is an issue with having multiple interfaces up? This worked with a simple ARP spoof attack with a single interface, but maybe SSLstrip does not know to forward the data back out eth1? There are several scripts that do all of this automatically, but I would rather learn the attack from a less automated perspective prior to using a python script to do it all for me. I have combed through the scripts trying to figure out how they implement this attack but have not gotten far. Best I can tell is I need to do some additional work with IP tables to get the data that is send to SSLstrip back to the internet connected interface. Any help is appreciated.

Ech3l0n