airman_dopey, posted January 10, 2013 (edited)

Hey guys,

I am working on CLI tools to augment the pineapple. One of those tools is to have SSLStrip running on a computer (and ultimately the RPi). Initially this was just a way to learn about the tools provided, but I realized this could be something others may benefit from, so I plan on releasing my code.

One of the things I am struggling with is that when I run my SSLStrip script, I want to check, prior to any questions asked, if SSLStrip is currently running on the machine. My current code for running SSLStrip is this:

    echo -e "Preparing system for SSLStrip...\c"
    # Redirect inbound TCP port 80 to local port 1000
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 1000 >/dev/null
    cd /pentest/web/sslstrip
    # Start sslstrip in the background, listening on port 1000
    python sslstrip.py -l 1000 &
    echo "Done"

    #Followed by the cleanup portion
    killall sslstrip
    iptables --flush
    iptables --table nat --flush
    iptables --delete-chain
    iptables --table nat --delete-chain

(Note that I am simply cutting a portion of the code for demonstration purposes. The script looks a bit better than this.)

What I want to do is see if this has been done prior to running it again and spitting out errors regarding the port number. I have run "pgrep sslstrip" and nothing has appeared, and looking through the help command of IPTables I cannot see how to check if this has already been done.

Thank you for any assistance.

-EDIT- I just ran ps -ef and discovered "python sslstrip.py" so that will work. How would I check for the IPTables portion?

Edited January 10, 2013 by airman_dopey

digip, posted January 10, 2013

Was going to say run ps -Af | grep sslstrip and see if it's running, but that will work too I guess.

airman_dopey (author), posted January 10, 2013 (edited)

Regarding finding sslstrip I was able to do the following:

    PID=$(pgrep -f "python sslstrip")

To find the port number it is running on:

    Port=$(ps -ef | grep -m 1 "python sslstrip.py" | awk -F '-l ' '{ print $2 }')

Now if I can find a way to determine if the IPTables have been modified.

Thank you for the alternative PS options. I'll check them out. =)

EDIT: Finally got it. Thanks!

Edited January 11, 2013 by airman_dopey

ShadowBlade72, posted January 14, 2013

For anyone who may stumble upon this in the future, here was the final solution.

    PID=$(pgrep -f "sslstrip.py")
    SSLPORT=$(iptables -t nat -L -n | grep "dpt:" | grep "80" | awk -F"redir ports" '{ print $2 }')
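
An added example, not part of any post in this thread: a check for an existing port-80 REDIRECT rule that parses `iptables -t nat -S` output field by field, so a rule for port 8080 or an address containing "80" is not mistaken for it. The function names and the sample rule set are constructed for illustration; the same check works for auditing a host for leftover redirect rules.

```shell
#!/bin/sh
# Constructed sample of `iptables -t nat -S` output (not taken from the thread).
sample_rules() {
cat <<'EOF'
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 3128
-A PREROUTING -d 10.0.0.80/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 1000
EOF
}

# Read rules in `iptables -S` format on stdin and print the --to-ports value
# of every PREROUTING REDIRECT rule whose destination port is exactly $1.
# Prints nothing when no such rule exists.
redirect_ports() {
    awk -v want="$1" '
        $1 == "-A" && $2 == "PREROUTING" {
            dport = ""; target = ""; to = ""
            # Walk option/value pairs instead of substring-matching the line
            for (i = 3; i < NF; i++) {
                if ($i == "--dport")    dport  = $(i + 1)
                if ($i == "-j")         target = $(i + 1)
                if ($i == "--to-ports") to     = $(i + 1)
            }
            if (dport == want && target == "REDIRECT" && to != "") print to
        }'
}

# Live use (needs root): iptables -t nat -S | redirect_ports 80
sample_rules | redirect_ports 80   # prints 1000
```

An empty result means no redirect for that port is installed, so a setup script can skip adding a duplicate rule.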