Posted (edited)

Hey guys,

I am working on CLI tools to augment the pineapple. One of those tools is to have SSLStrip running on a computer (and ultimately the RPi). Initially this was just a way to learn about the tools provided, but I realized this could be something others may benefit from so I plan on releasing my code.

One of the things I am struggling with is when I run my SSLStrip script I want to check prior to any questions asked if SSLStrip is currently running on the machine. My current code for running SSLStrip is this:

echo -e "Preparing system for SSLStrip...\c"
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 1000 >/dev/null
cd /pentest/web/sslstrip
python sslstrip.py -l 1000 &
echo "Done"

#Followed by the cleanup portion

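# killall matches on the process name, which is "python" here, so match the command line instead
pkill -f "sslstrip.py"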
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

(Note that I am simply cutting a portion of the code for demonstration purposes. The script looks a bit better than this)

What I want to do is see if this has been done prior to running it again and spitting out errors regarding the port number. I have run "pgrep sslstrip" and nothing has appeared, and looking through the help command of IPTables I cannot see how to check if this has already been done.

Thank you for any assistance.

-EDIT- I just ran ps -ef and discovered "python sslstrip.py" so that will work. How would I check for the IPTables portion?

Edited by airman_dopey
Posted

Was going to say run ps -Af | grep sslstrip and see if it's running, but that will work too I guess.

Posted (edited)

Regarding finding sslstrip I was able to do the following:

PID=$(pgrep -f "python sslstrip")

To find the port number it is running on:

Port=$(ps -ef | grep -m 1 "python sslstrip.py" | awk -F '-l ' '{ print $2 }')

Now if I can find a way to determine if the IPTables have been modified. Thank you for the alternative PS options. I'll check them out. =)

EDIT: Finally got it. Thanks!

Edited by airman_dopey
Posted

For anyone who may stumble upon this in the future, here was the final solution.

PID=$(pgrep -f "sslstrip.py")
SSLPORT=$(iptables -t nat -L -n | grep "dpt:" | grep "80" | awk -F"redir ports" '{ print $2 }')
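
Added example, not part of the original posts: the grep "80" filter above also matches rules for dpt:8080 or any address containing 80, so this version compares the destination-port field exactly before returning the redirect port. The rule listing is constructed sample output and the function names are hypothetical; rule_present relies on iptables' own -C (check) option.

```shell
#!/bin/sh
# Constructed sample of `iptables -t nat -L PREROUTING -n` output.
sample_rules() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 redir ports 3128
REDIRECT   tcp  --  10.0.80.0/24         0.0.0.0/0            tcp dpt:443 redir ports 8443
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 1000
EOF
}

# Read a rule listing on stdin and print the redirect port of the first
# REDIRECT rule whose destination port is exactly $1.
# Exit status is 0 when a rule was found and 1 when none matched.
redirect_port_for() {
    awk -v want="dpt:$1" '
        $1 == "REDIRECT" {
            hit = 0
            for (i = 2; i <= NF; i++) {
                if ($i == want) hit = 1
                else if (hit && $i == "ports") { print $(i + 1); found = 1; exit }
            }
        }
        END { exit !found }'
}

# Live check (needs root): -C asks iptables whether this exact rule exists,
# returning 0 if present and non-zero otherwise. $1 is the local listener port.
rule_present() {
    iptables -t nat -C PREROUTING -p tcp --destination-port 80 \
        -j REDIRECT --to-port "$1" 2>/dev/null
}

# Typical live use (commented out so the file can be sourced safely):
#   SSLPORT=$(iptables -t nat -L PREROUTING -n | redirect_port_for 80) \
#       && echo "port 80 already redirected to $SSLPORT"
```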
