airman_dopey
Posted January 10, 2013 (edited)

Hey guys,

I am working on CLI tools to augment the pineapple. One of those tools is to have SSLStrip running on a computer (and ultimately the RPi). Initially this was just a way to learn about the tools provided, but I realized this could be something others may benefit from, so I plan on releasing my code.

One of the things I am struggling with is that when I run my SSLStrip script, I want to check, prior to any questions being asked, if SSLStrip is currently running on the machine. My current code for running SSLStrip is this:

    echo -e "Preparing system for SSLStrip...\c"
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 1000 >/dev/null
    cd /pentest/web/sslstrip
    python sslstrip.py -l 1000 &
    echo "Done"

    #Followed by the cleanup portion
    killall sslstrip
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain

(Note that I am simply cutting a portion of the code for demonstration purposes. The script looks a bit better than this.)

What I want to do is see if this has been done prior to running it again and spitting out errors regarding the port number. I have run "pgrep sslstrip" and nothing has appeared, and looking through the help command of IPTables I cannot see how to check if this has already been done.

Thank you for any assistance.

-EDIT- I just ran ps -ef and discovered "python sslstrip.py", so that will work. How would I check for the IPTables portion?

Edited January 10, 2013 by airman_dopey

digip
Posted January 10, 2013

Was going to say run ps -Af | grep sslstrip and see if it's running, but that will work too I guess.

airman_dopey (Author)
Posted January 10, 2013 (edited)

Regarding finding sslstrip, I was able to do the following:

    PID=$(pgrep -f "python sslstrip")

To find the port number it is running on:

    Port=$(ps -ef | grep -m 1 "python sslstrip.py" | awk -F '-l ' '{ print $2 }')

Now if I can find a way to determine if the IPTables have been modified. Thank you for the alternative PS options. I'll check them out. =)

EDIT: Finally got it. Thanks!

Edited January 11, 2013 by airman_dopey

ShadowBlade72
Posted January 14, 2013

For anyone who may stumble upon this in the future, here was the final solution.

    PID=$(pgrep -f "sslstrip.py")
    SSLPORT=$(iptables -t nat -L -n | grep "dpt:" | grep "80" | awk -F"redir ports" '{ print $2 }')
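
An added example (not code from any poster in this thread): the `grep "80"` filter in the final solution matches any rule line that contains 80, such as a rule for port 8080 or an address like 10.0.80.5, so this version parses `iptables -t nat -S PREROUTING` output and compares the destination port as a whole field. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the REDIRECT target for one exact TCP destination port
# in `iptables -t nat -S PREROUTING` output (one rule specification per line).

# redirect_port_for PORT
# Reads rules on stdin, prints the --to-ports value of the first matching
# rule, and returns 1 when no rule redirects that port.
redirect_port_for() {
    awk -v want="$1" '
        $1 == "-A" {
            tcp = 0; dport = ""; target = ""; to = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
                if ($i == "--dport")    dport  = $(i + 1)
                if ($i == "-j")         target = $(i + 1)
                if ($i == "--to-ports") to     = $(i + 1)
            }
            # Compare the port as a whole field, never as a substring.
            if (tcp && dport == want && target == "REDIRECT" && to != "") {
                print to; found = 1; exit
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample output, not captured from a real host. The first two
# rules contain "80" but are not a redirect of port 80.
sample_rules() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -s 10.0.80.5/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 3128
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 1000
EOF
}

# Live use (needs root): iptables -t nat -S PREROUTING | redirect_port_for 80
if port=$(sample_rules | redirect_port_for 80); then
    echo "port 80 is already redirected to $port"
else
    echo "no redirect for port 80"
fi
```

To test for one exact rule instead, `iptables -t nat -C PREROUTING` followed by the same arguments that were given to `-A` exits 0 when that rule is already present.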