Jump to content

Recommended Posts

yup uninstalled twisted-web and reinstalled and sslstrip is back up and running!!

I tried this and still no love. First I ran:

root@Pineapple:/sd# opkg remove twisted-web --force-depends

Removing package twisted-web from root...

root@Pineapple:/sd# opkg update

Downloading http://cloud.wifipineapple.com/mk5/packages/Packages.gz.

Updated list of available packages in /var/opkg-lists/pineapple_packages.

root@Pineapple:/sd# opkg install twisted-web

Installing twisted-web (2.5.0-1) to root...

Downloading http://cloud.wifipineapple.com/mk5/packages/twisted-web_2.5.0-1_ar71xx.ipk.

Configuring twisted-web.

root@Pineapple:/sd#

Then I tried re-installing sslstrip as an Infusion, but was getting the same behavior (it says it's not installed still).

I then un-installed sslstrip as an infusion, and instead tried installing it with opkg via CLI, but when I run it, now I get this error (which is different than the error I was getting prior to uninstalling and re-installing twisted-web):

root@Pineapple:~# sslstrip

Traceback (most recent call last):

File "/sd/usr/bin/sslstrip", line 30, in <module>

from sslstrip.StrippingProxy import StrippingProxy

ImportError: No module named sslstrip.StrippingProxy

Anyone have any ideas... like many a Pineapple user, I'm a linux newb...so forgive me if I'm missing something obvious. Have been working on getting sslstrip to work for 4 hours now. Tried turning off Karma (and persistance), rebooting. Tried removing and re-installeing twisted-web. And have been scouring the forums and intertubez... help! The demo I need to show my client is simple: Karma running to trick their iOS device into connecting to previously-known SSID. Then just sslstrip running against various iOS app interfaces to see which might be vulnerable to sslstrip attacks (including Safari browser sessions to Facebook, etc.)

I'm running a MKV I just bought on-site at Toorcon yesterday....

Edited by 5h4g
Link to comment
Share on other sites

  • Replies 159
  • Created
  • Last Reply

Top Posters In This Topic

54hg - you're pretty close.

You seem to have gotten twisted-web to be detected... now you just need to get the sslstrip modules in the right location.

Run this, then try "sslstrip" again and post the output.

ln -s /sd/usr/lib/python2.7/site-packages/sslstrip /usr/lib/python2.7/site-packages/
Link to comment
Share on other sites

here's the output after running that command:

root@Pineapple:~# ln -s /sd/usr/lib/python2.7/site-packages/sslstrip /usr/lib/py
thon2.7/site-packages/
root@Pineapple:~# sslstrip
Traceback (most recent call last):
File "/sd/usr/bin/sslstrip", line 30, in <module>
from sslstrip.StrippingProxy import StrippingProxy
File "/usr/lib/python2.7/site-packages/sslstrip/StrippingProxy.py", line 20, in <module>
from ClientRequest import ClientRequest
File "/usr/lib/python2.7/site-packages/sslstrip/ClientRequest.py", line 25, in <module>
from twisted.internet import ssl
File "/usr/lib/python2.7/site-packages/twisted/internet/ssl.py", line 47, in <module>
from OpenSSL import SSL
ImportError: No module named OpenSSL
root@Pineapple:~#

btw, I'm going to be afk busy tonight..but will check back in the am first thing. ty so much for the help so far!

Edited by 5h4g
Link to comment
Share on other sites

You got it man. One more command and you're done.

ln -s /sd/usr/lib/python2.7/site-packages/OpenSSL/ /usr/lib/python2.7/site-packages/

Should work after that.
Link to comment
Share on other sites

I SSH into the pineapple and ran the following. This will definitely fix the sslstrip, I tested it after doing a factory reset and it worked

opkg remove twisted-web --force-depends
opkg update
opkg install twisted-web
ln -s /sd/usr/lib/python2.7/site-packages/sslstrip /usr/lib/python2.7/site-packages/
ln -s /sd/usr/lib/python2.7/site-packages/OpenSSL/ /usr/lib/python2.7/site-packages/
sslstrip
Edited by Jmanuel
Link to comment
Share on other sites

I SSH into the pineapple and ran the following. This will definitely fix the sslstrip, I tested it after doing a factory reset and it worked

opkg remove twisted-web --force-depends
opkg update
opkg install twisted-web
ln -s /sd/usr/lib/python2.7/site-packages/sslstrip /usr/lib/python2.7/site-packages/
ln -s /sd/usr/lib/python2.7/site-packages/OpenSSL/ /usr/lib/python2.7/site-packages/
sslstrip

This worked for me. I can now start sslstrip from console :) , but it still says not installed in web interface...

Link to comment
Share on other sites

Glad my symbolic links could provide some level of assistance here.

That's odd that it would say "not installed" on the web interface... if you run "which sslstrip" on the pineapple - does it return any data?

This is basically how the infusion is determining the installation state of sslstrip.

Edited by leg3nd
Link to comment
Share on other sites

Had the same issue. Thanks to leg3nd, sslstrip now starts up, but doesn't actually work. It's installed to internal mem. I've changed the default network and IP address of the pineapple to 192.168.2.1. Everything works fine on this address, can access internet, can run karma and clients connected through karma can access internet. So networking works.

Installed firefox 16 on victim computer, which doesn't support HSTS just to be safe. Then browsed to www.yahoo.com (so searches are in clear text). Then searched for a site that I know offers SSL. Click on link, link takes me to the SSL version of the site.

Then stopped sslstrip from the gui and ran it from the command line as follows:

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 9999

sslstrip -s -l 9999

Same behaviour. Any ideas?

Link to comment
Share on other sites

I'm not trying to rush you Whistle Master. This was my attempt to teach myself about php and see if I could make it work. I just thought I'd pass on several hours of work to anyone who felt like using it. My only experience with php or any kind of coding is due to the pineapple.

Edit: Deleted original post to avoid confusion per your request… It was still a learning experience for me. I didn't know you were going to drop all of those updates last night right after my post.

Edited by thesugarat
Link to comment
Share on other sites

After a factory resett for some strange reason and installing 1.3, sslstrip starts (still only manually) and then stops but still says 'enabled'. A refresh says its not running.

same problem here

Link to comment
Share on other sites

Could you login to the pineapple through ssh and try to issue sslstrip directly and copy-paste the output you receive ?

Does the infusion state that sslstrip is installed ?

Is this what you mean?

root@Pineapple:~# sslstrip

Traceback (most recent call last):

File "/sd/usr/bin/sslstrip", line 30, in <module>

from sslstrip.StrippingProxy import StrippingProxy

ImportError: No module named sslstrip.StrippingProxy

Link to comment
Share on other sites

I got same result it seems:

root@Pineapple:~# sslstrip
Traceback (most recent call last):
File "/sd/usr/bin/sslstrip", line 30, in <module>
from sslstrip.StrippingProxy import StrippingProxy
ImportError: No module named sslstrip.StrippingProxy
root@Pineapple:~#

I appreciate the effort WM!

Link to comment
Share on other sites

Anode,

Strange question... What happens when you start it from the small tile then enter the big one? Ohh and if you're installing the latest version of sslstrip you shouldn't need to fix the symbolic links as in the previous posts in this thread but the error code sure looks identical.

Edited by thesugarat
Link to comment
Share on other sites

I got same result it seems:

root@Pineapple:~# sslstrip

Traceback (most recent call last):

File "/sd/usr/bin/sslstrip", line 30, in <module>

from sslstrip.StrippingProxy import StrippingProxy

ImportError: No module named sslstrip.StrippingProxy

root@Pineapple:~#

I appreciate the effort WM!

Same Problem here...

Is there yet a workaround known to fix this bug?

Link to comment
Share on other sites

Anode,

Strange question... What happens when you start it from the small tile then enter the big one? Ohh and if you're installing the latest version of sslstrip you shouldn't need to fix the symbolic links as in the previous posts in this thread but the error code sure looks identical.

I did do the symlynk. That cause the prob? (I'm still fuzzy on symlinks)

But here's my output: (I usually start it via the small title)

Not started at all:

root@Pineapple:~# sslstrip
Traceback (most recent call last):
  File "/sd/usr/bin/sslstrip", line 30, in <module>
    from sslstrip.StrippingProxy import StrippingProxy
ImportError: No module named sslstrip.StrippingProxy
root@Pineapple:~#

Started via small title:

root@Pineapple:~# sslstrip
Traceback (most recent call last):
  File "/sd/usr/bin/sslstrip", line 30, in <module>
    from sslstrip.StrippingProxy import StrippingProxy
ImportError: No module named sslstrip.StrippingProxy

Started via large title:

root@Pineapple:~# sslstrip
Traceback (most recent call last):
  File "/sd/usr/bin/sslstrip", line 30, in <module>
    from sslstrip.StrippingProxy import StrippingProxy
ImportError: No module named sslstrip.StrippingProxy
root@Pineapple:~#

I did not reboot the WP between tries.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...