
Sslstrip Logfile Parser


loozr


Ok, for some time I have been wondering if it would be possible to clean up the sslstrip logfile a bit to make it easier to read. I first tried some simple grep commands to just get the lines I wanted, and it made it easier to read the logs. However, I was not satisfied and searched the net for better solutions. I found a project called logex. This is a Python script made by.. I'm not sure who he is, but at least I have linked to his project page :)

This script is actually quite great, it strips only what I'm interested in and creates an HTML page to view the interesting parts (although I would like it to print the md5 from sites using that for login).

With that log parser script working I was on my road to happiness, but thought that it could still be a bit easier, and started to look into the PHP and JavaScript of the sslstrip module. I'm not fully satisfied with my solution, but it's ok for now. Thought I might share if anyone else is interested. And remember, none of what I'm presenting here is mine, I simply put together bits and pieces from things already made by others. Credit goes to the writer of logex, and Whistlemaster for the sslstrip module.

Another thing to mention is that I have no clue what I'm doing, I just made it work, so this might not work in your setup. YMMV B)

That said, it would be great if you could share what solutions you are using, or if you have any input regarding the logfiles.

What a logfile usually looks like:

[screenshot: 46405.jpg]

Edited History page:

[screenshot: 46406.jpg]

Cleaned logfile:

[screenshot: 46407.jpg]

To do this yourself.

sslstrip installed on usb.

edited log_ex.py in pastebin

edited sslstrip.js in pastebin

edited sslstrip_actions.php in pastebin

edited sslstrip_data.php in pastebin

Copy/create/edit "log_ex.py", "sslstrip_actions.php" and "sslstrip_data.php" to "/usb/modules/sslstrip/". The "sslstrip.js" should be created/copied/edited to "/usb/modules/sslstrip/js/".

Finally you create a folder named html, i.e. "/usb/modules/sslstrip/html/"

When you are done you will have to have a logfile you would like to clean (doh), then press Clean, and afterwards View. The .html files are placed inside the html folder (kinda obvious ;)


Although I have not spoken with Whistlemaster about it, I'm afraid this solution won't be part of his module, simply because I'm not sure the writer of logex would agree to this. That said I would be glad if Whistlemaster would integrate something similar into his module! :) Maybe something that's not as hacky ;)

Regarding your problems with sslstrip I can't seem to replicate your difficulties with "/" at the end of URLs... Someone else would have to look at the google toolbar though, since I'm not sure what's going on there..


  • 4 weeks later...

I'm sorry that you have problems, but since Whistle Master added some more features in his module, why not give that a go?

Or maybe you are only using ssh?

Unfortunately I'm unable to look into this myself right now, but I'll give it a go sometime next week. Do you get some kind of error, or what's the problem?


  • 5 months later...

Hi,

Has anyone been able to modify this script/install to work with v2.8 firmware?

I have played with the directories (since it installs it into "usbinfusions" from the pineapple bar) but still nothing...

I do not get an HTML file produced, and I get the following error:

<br />
<b>Warning</b>:  filemtime() [<a href='function.filemtime'>function.filemtime</a>]: Stat failed for /usb/infusions/sslstrip/log/undefined (errno=2 - No such file or directory) in <b>/usb/infusions/sslstrip/sslstrip_actions.php</b> on line <b>47</b><br />
sslstrip undefined [January 01 1970 00:00:00]
<br />
<b>Warning</b>:  file_get_contents(/usb/infusions/sslstrip/log/undefined) [<a href='function.file-get-contents'>function.file-get-contents</a>]: failed to open stream: No such file or directory in <b>/usb/infusions/sslstrip/sslstrip_actions.php</b> on line <b>49</b><br />

It would be great if we had a current log parser that outputted cleanly.... unless there already is one that I haven't found yet...?

Thanks
