lexieke Posted March 8, 2013 Share Posted March 8, 2013 Hi I received my brand new MK IV a few days ago and I was very very enthusiastic but it gets slow and reboots really often so that it becomes unusuable to me. What I did so far: upgraded to 2.8 before I started anything installed a USB 8GB stick and enabled the USB swap I added the firewall rule to the boot as this was an issue: /etc/init.d/firewall disable; /etc/init.d/firewall stop installed infusions on the stick:SSLStrip URLSnarf When I start I enable Karma and URLSnarf everything seems to work, I get clients and it is logging all URLs When I start SSLStripper everything becomes unusable slow for the client that I'm targetting After a few minutes it reboots I'm happy to start over again, I even prefer using SSH if this is better/faster. Just don't want the clients to notice and be able to use SSLStripper. One other thing I read somewhere: I do notice that some pages in SSL are not working and others are when SSLStripper is enabled. Very strange. Thanks for any input! Quote Link to comment Share on other sites More sharing options...
lexieke Posted March 8, 2013 Author Share Posted March 8, 2013 By the way I was also trying to run SSLStrip from SSH (I did reboot in between) and used this script that I found in another topic: iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000 iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 10000 _now=$(date +"%Y%m%d-%H%M%S") _file="/usb/sslstrip_$_now.log" sslstrip -w $_file Does not seem to help. It did work once, it logged my login to this forum :) Quote Link to comment Share on other sites More sharing options...
telot Posted March 8, 2013 Share Posted March 8, 2013 (edited) Currently you can't/shouldn't run urlsnarf and sslstrip at the same time. They both redirect all the traffic from the bridged interface to themselves. So I'm guessing that is causing your problems. The granddad of the pineapple, Sir Digininja is working on a workaround. You can see more details on this post: http://forums.hak5.org/index.php?/topic/28666-keylogger-module-release/page-2? Just an FYI, you can do tcpdump and sslstrip at the same time, and accomplish the same thing. I do it all day long every day and it works fine with no reboots. Try that and let us know! telot Edited March 8, 2013 by telot Quote Link to comment Share on other sites More sharing options...
lexieke Posted March 8, 2013 Author Share Posted March 8, 2013 (edited) Hey Telot Thanks for your very fast reply. I hope this will be the answer as well, I will try it tonight. I don't want to ask too much here but do you run this on SSH? And do you happen to have a script or could you please outline what the exact order of steps is that you take, and what the commands are? I'm sure this would be a very helpfull guide to many newbies here and well it would save me probably some hours as well to get started :) Another general question: is it normal that browsing gets slower by enabling SSLStripper/tcpdump or should it run quite fast? I'm just thinking if you would run it in a presentation and there are 20 people, will anyone be able to test? Thanks!! Edited March 8, 2013 by lexieke Quote Link to comment Share on other sites More sharing options...
telot Posted March 8, 2013 Share Posted March 8, 2013 I like to run my pineapple as a "headless" sorta thing, so I do it via button press. I run an old firmware, cause I'm old school like that (don't ask, Seb will kick my ass if I encourage people to not upgrade lol) so the wps button still works for me. Maybe its fixed on 2.8? I'm not positive... The commands I use are on the wiki, which should be the first stop for any newbie imho, but I'll link them here for ya. tcpdump: http://forums.hak5.org/index.php?/topic/25695-quicky-how-to-tcpdump-on-markiv/ sslstrip: http://cloud.wifipineapple.com/wiki/doku.php?id=guidesslstrip As for speed, the pineapple has never slowed down due to capturing packets/ssl, but I typically have 2-3 clients, not 20. At SXSW, Darren had like 40+ clients and the pineapple continued ass kicking, so it should be do-able. Anyways, I just put the tcpdump and sslstrip commands into a small script thats tied to my wps button - as an added trick, I have the LED's turn off when the script is run so I have visual confirmation that its working. Then I have a cronjob that sends me an email every 10 minutes with status updates (a how-to is also linked on the wiki) so I can casually check my email on my phone, and no ones the wiser. This is just one way of doing things, and it works well for me. Some people run the stock UI with custom CSS and all the infusions, others run Moriarty's UWUI, which is also pretty awesome and something to check out. The worlds your hacked open oyster with the pineapple, so welcome to the community and be sure to contribute as much as you can! telot Quote Link to comment Share on other sites More sharing options...
Boba Fett Posted March 8, 2013 Share Posted March 8, 2013 I like to run my pineapple as a "headless" sorta thing, so I do it via button press. I run an old firmware, cause I'm old school like that (don't ask, Seb will kick my ass if I encourage people to not upgrade lol) so the wps button still works for me. Maybe its fixed on 2.8? I'm not positive... The commands I use are on the wiki, which should be the first stop for any newbie imho, but I'll link them here for ya. tcpdump: http://forums.hak5.org/index.php?/topic/25695-quicky-how-to-tcpdump-on-markiv/ sslstrip: http://cloud.wifipineapple.com/wiki/doku.php?id=guidesslstrip As for speed, the pineapple has never slowed down due to capturing packets/ssl, but I typically have 2-3 clients, not 20. At SXSW, Darren had like 40+ clients and the pineapple continued ass kicking, so it should be do-able. Anyways, I just put the tcpdump and sslstrip commands into a small script thats tied to my wps button - as an added trick, I have the LED's turn off when the script is run so I have visual confirmation that its working. Then I have a cronjob that sends me an email every 10 minutes with status updates (a how-to is also linked on the wiki) so I can casually check my email on my phone, and no ones the wiser. This is just one way of doing things, and it works well for me. Some people run the stock UI with custom CSS and all the infusions, others run Moriarty's UWUI, which is also pretty awesome and something to check out. The worlds your hacked open oyster with the pineapple, so welcome to the community and be sure to contribute as much as you can! telot WOW Can you teach us that scripts? Tutorial time? Quote Link to comment Share on other sites More sharing options...
telot Posted March 8, 2013 Share Posted March 8, 2013 I've probably posted it already, but searching on these forums is pretty fubar, so I couldn't find it. Unfortunately I borrowed my pineapple to a colleague, so I can't just dial in and grab it. I'll send him a note and see if he can send it to me. Really it was pretty easy if I recall...I'm sure anyone can hack it together. Give it a try and post your results! Learning time! telot Quote Link to comment Share on other sites More sharing options...
lexieke Posted March 9, 2013 Author Share Posted March 9, 2013 So I installed SSLStrip as only infusion from SSH and this gave no errors. I than created this script to start it: iptables -t nat -A PREROUTING -p tcp -destination-port 80 -j REDIRECT -to-ports 10000 iptables -t nat -A PREROUTING -p tcp -destination-port 443 -j REDIRECT -to-ports 10000 sslstrip -w /usb/sslstrip.log & where it will throw me these errors: root@Pineapple:/usb# ./runSSLStrip Bad argument `80' Try `iptables -h' or 'iptables --help' for more information. Bad argument `443' Try `iptables -h' or 'iptables --help' for more information. root@Pineapple:/usb# Traceback (most recent call last): File "/usb/usr/bin/sslstrip", line 27, in <module> from twisted.web import http File "/usb/usr/lib/python2.7/site-packages/twisted/__init__.py", line 22, in <module> raise ImportError("you need zope.interface installed " ImportError: you need zope.interface installed (http://zope.org/Products/ZopeInterface/) I am running this from /USB. I than installed SSLStrip (without removing it) from the Bar and it installed in 1 sec. I pressed run and everything was working as it should. Anyone care to explain so I understand what my error is? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.