Jump to content

See if SSLStrip is running


Recommended Posts

Hey guys,

I am working on CLI tools to augment the pineapple. One of those tools is to have SSLStrip running on a computer (and ultimately the RPi). Initially this was just a way to learn about the tools provided, but I realized this could be something others may benefit from so I plan on releasing my code.

One of the things I am struggling with is when I run my SSLStrip script I want to check prior to any questions asked if SSLStrip is currently running on the machine. My current code for running SSLStrip is this:

echo -e "Preparing system for SSLStrip...\c"
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 1000 >/dev/null
cd /pentest/web/sslstrip
python sslstrip.py -l 1000 &
echo "Done"

#Followed by the cleanup portion

killall sslstrip
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

(Note that I am simply cutting a portion of the code for demonstration purposes. The script looks a bit better than this)

What I want to do is see if this has been done prior to running it again and spitting out errors regarding the port number. I have ran "pgrep sslstrip" and nothing has appeared, and looking through the help command of IPTables I cannot see how to check if this has already been done.

Thank you for any assistance.

-EDIT- I just ran ps -ef and discovered "python sslstrip.py" so that will work. How would I check for the IPTables portion?

Edited by airman_dopey
Link to comment
Share on other sites

Was going to say run ps -Af | grep sslstrip and see if its running, but that will work too I guess.

Link to comment
Share on other sites

Regarding finding sslstrip I was able to do the following:

PID=$(pgrep -f "python sslstrip")

To find the port number it is running on:

Port=$(ps -ef | grep -m 1 "python sslstrip.py" | awk -F '-l ' '{ print $2 }')

Now if I can find a way to determine if the IPTables have been modified. Thank you for the alternative PS options. I'll check them out. =)

EDIT: Finally got it. Thanks!

Edited by airman_dopey
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...