@cheeto

This is correct.

Another problem: After shutting down SSLstrip all clients lose internet connection because the iptables rule for SSLstrip is not correctly deleted. I put the following content into the actions.php in the SSLstrip infusion:

File: /pineapple/components/infusions/sslstrip/includes/actions.php

after: "if (isset($_GET['stop']))"

insert: "exec("iptables -t nat -D PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000");"

to ensure that this route is deleted correctly. Now the clients get internet access. Maybe the Hak5 Team can add this in the next version?

Cheers,

DarkPringles

The infusion is already deleting the rules when you hit the stop button, so you don't need to change anything yourself. However, I will make sure that it's still working correctly in the latest version of the firmware.

As a general matter of fact, I recommend avoiding changing infusions yourself, otherwise it gets very difficult for the infusion dev to provide any support! I suggest getting in contact with the dev by PM and suggesting the modifications, which could then be integrated into the next version.

EDIT:

I've checked again and it's working correctly, the rules are correctly deleted by the infusion:

root@Pineapple:~# iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
root@Pineapple:~# iptables -t nat --line-numbers -n -L | grep 80 | grep 10000
2    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 10000 
root@Pineapple:~# iptables -t nat -D PREROUTING 2
root@Pineapple:~# iptables -t nat --line-numbers -n -L | grep 80 | grep 10000 | awk {'print $1'}
root@Pineapple:~# 
Edited by Whistle Master

Hi, I'm having constant problems with sslstrip on my MKV. I did notice that the stop action did not remove the rules from iptables... not sure why, I don't see anything wrong with the script. I added a line to remove them as mentioned above and that fixed it.

However, I'm still having issues. When it's running, all traffic from port 80 is redirected, but any traffic which is forwarded to the SSL page and stripped by sslstrip, is not forwarded correctly. Instead the browser hangs until timeout.

Here is what I see in the log.. using facebook as the example, but this happens on all websites forwarding to the ssl version. I've cleared the cache and cookies as well.

2014-10-20 18:20:52,297 Resolving host: www.facebook.com
2014-10-20 18:20:52,299 Host cached.
2014-10-20 18:20:52,303 Resolved host successfully: www.facebook.com -> 31.13.73.145
2014-10-20 18:20:52,306 Sending request via SSL...
2014-10-20 18:20:52,340 HTTP connection made.
2014-10-20 18:20:52,343 Sending Request: GET /
2014-10-20 18:20:52,346 Sending header: accept-language : en-us
2014-10-20 18:20:52,349 Sending header: host : www.facebook.com
2014-10-20 18:20:52,352 Sending header: accept : text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
2014-10-20 18:20:52,355 Sending header: user-agent : Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53
2014-10-20 18:20:52,359 Sending header: dnt : 1
2014-10-20 18:20:52,362 Sending header: connection : keep-alive
(times out here)
Hitting CTRL-C immediately serves a blank page to the browser... so I know it's SSL strip waiting for a response.
Also, after running for a while, I see a massive amount of virtual memory used by sslstrip. See screenshot.

[Screenshot: virtual memory used by sslstrip]

Edited by mykrowyre

Of course! I still have the issue that the clients receive a timeout with sslstrip.

The load on the pineapple is growing > 10 and then the pineapple reboots.

That's the main problem of the whole Pineapple concept that it does not have enough CPU/RAM to handle all the services.


I tested sslstrip again. After I enabled the infusion the client ends in timeout and can't surf anymore. Load was ~1.80 and should not be the problem. Sslstrip process used 25% CPU.

I need to restart the pineapple to get internet working. Only disabling the infusion does not help.

Will check the iptables before and after.


I tested sslstrip again. After I enabled the infusion the client ends in timeout and can't surf anymore. Load was ~1.80 and should not be the problem. Sslstrip process used 25% CPU.

I need to restart the pineapple to get internet working. Only disabling the infusion does not help.

Will check the iptables before and after.

The ip tables del does not work in the stop script, not sure why, the command is correct. Once I added my own iptables delete it fixed the problem with the internet not working after sslstrip is stopped, but sslstrip still overloads the pineapple.


Hello,

I activated karma and SSL strip but ssl strip does not show me any data. It shows only sslstrip output_1414865630.log [November 01 2014 15:13:57]. Must I enable PineAP, too? When I try to log in with my mobile phone to amazon, facebook and so on, there is nothing shown in the sslstrip output. Can anyone explain to me why?


For this to work you also need a DNS server that can reverse the changes from the proxy.

People keep saying this, but does this mean that this is going to be impossible to work on the Pineapple? Is no one working on porting it?


Hey WM,

I was able to reproduce the following today as well. The rule was removed, but it wasn't. Let me explain below....

The infusion is already deleting the rules when you hit the stop button, so you don't need to change anything yourself. However, I will make sure that it's still working correctly in the latest version of the firmware.

As a general matter of fact, I recommend avoiding changing infusions yourself, otherwise it gets very difficult for the infusion dev to provide any support! I suggest getting in contact with the dev by PM and suggesting the modifications, which could then be integrated into the next version.

EDIT:

I've checked again and it's working correctly, the rules are correctly deleted by the infusion:

root@Pineapple:~# iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
root@Pineapple:~# iptables -t nat --line-numbers -n -L | grep 80 | grep 10000
2    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 10000 
root@Pineapple:~# iptables -t nat -D PREROUTING 2
root@Pineapple:~# iptables -t nat --line-numbers -n -L | grep 80 | grep 10000 | awk {'print $1'}
root@Pineapple:~# 

1. I dumped my info from iptables prior to starting sslstrip infusion. Everything looks ok.

root@Pineapple:~# iptables -t nat --line-numbers -n -L
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    delegate_prerouting  all  --  0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    MASQUERADE  all  --  172.16.42.0/24       0.0.0.0/0           
2    delegate_postrouting  all  --  0.0.0.0/0            0.0.0.0/0           

Chain delegate_postrouting (1 references)
num  target     prot opt source               destination         
1    postrouting_rule  all  --  0.0.0.0/0            0.0.0.0/0           /* user chain for postrouting */ 
2    zone_lan_postrouting  all  --  0.0.0.0/0            0.0.0.0/0           
3    zone_wan_postrouting  all  --  0.0.0.0/0            0.0.0.0/0           
4    zone_usb_postrouting  all  --  0.0.0.0/0            0.0.0.0/0           
5    zone_wan2_postrouting  all  --  0.0.0.0/0            0.0.0.0/0           

Chain delegate_prerouting (1 references)
num  target     prot opt source               destination         
1    prerouting_rule  all  --  0.0.0.0/0            0.0.0.0/0           /* user chain for prerouting */ 
2    zone_lan_prerouting  all  --  0.0.0.0/0            0.0.0.0/0           
3    zone_wan_prerouting  all  --  0.0.0.0/0            0.0.0.0/0           
4    zone_usb_prerouting  all  --  0.0.0.0/0            0.0.0.0/0           
5    zone_wan2_prerouting  all  --  0.0.0.0/0            0.0.0.0/0           

Chain postrouting_lan_rule (1 references)
num  target     prot opt source               destination         

Chain postrouting_rule (1 references)
num  target     prot opt source               destination         

Chain postrouting_usb_rule (1 references)
num  target     prot opt source               destination         

Chain postrouting_wan2_rule (1 references)
num  target     prot opt source               destination         

Chain postrouting_wan_rule (1 references)
num  target     prot opt source               destination         

Chain prerouting_lan_rule (1 references)
num  target     prot opt source               destination         

Chain prerouting_rule (1 references)
num  target     prot opt source               destination         

Chain prerouting_usb_rule (1 references)
num  target     prot opt source               destination         

Chain prerouting_wan2_rule (1 references)
num  target     prot opt source               destination         

Chain prerouting_wan_rule (1 references)
num  target     prot opt source               destination         

Chain zone_lan_postrouting (1 references)
num  target     prot opt source               destination         
1    postrouting_lan_rule  all  --  0.0.0.0/0            0.0.0.0/0           /* user chain for postrouting */ 

Chain zone_lan_prerouting (1 references)
num  target     prot opt source               destination         
1    prerouting_lan_rule  all  --  0.0.0.0/0            0.0.0.0/0           /* user chain for prerouting */ 

Chain zone_usb_postrouting (1 references)
num  target     prot opt source               destination         
1    postrouting_usb_rule  all  --  0.0.0.0/0            0.0.0.0/0           /* user chain for postrouting */ 
2    MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0           

Chain zone_usb_prerouting (1 references)
num  target     prot opt source               destination         
1    prerouting_usb_rule  all  --  0.0.0.0/0            0.0.0.0/0           /* user chain for prerouting */ 

Chain zone_wan2_postrouting (1 references)
num  target     prot opt source               destination         
1    postrouting_wan2_rule  all  --  0.0.0.0/0            0.0.0.0/0           /* user chain for postrouting */ 
2    MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0           

Chain zone_wan2_prerouting (1 references)
num  target     prot opt source               destination         
1    prerouting_wan2_rule  all  --  0.0.0.0/0            0.0.0.0/0           /* user chain for prerouting */ 

Chain zone_wan_postrouting (1 references)
num  target     prot opt source               destination         
1    postrouting_wan_rule  all  --  0.0.0.0/0            0.0.0.0/0           /* user chain for postrouting */ 
2    MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0           

Chain zone_wan_prerouting (1 references)
num  target     prot opt source               destination         
1    prerouting_wan_rule  all  --  0.0.0.0/0            0.0.0.0/0           /* user chain for prerouting */ 

2. I start sslstrip and then check the iptables again. We can see the redirect added by sslstrip.

root@Pineapple:~# iptables -t nat --line-numbers -n -L | grep 80
2    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 10000 

3. I clicked stop through the infusion, it should have removed all redirects of tcp port 80 to 10000. But it has not. Instead the number has just changed to 1 from 2.

root@Pineapple:~# iptables -t nat --line-numbers -n -L | grep 80
1    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 10000 

4. I had to run in command line "root@Pineapple:~# iptables -t nat -D PREROUTING 1" to remove the record.

Hope this helps for you to figure out the issue.
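
One way to make the stop-side cleanup independent of rule position and of duplicate entries is to delete by rule specification until no match remains, instead of deleting by line number. This is an added example, not part of the original posts and not the infusion's own code; it assumes an iptables build that supports -C (check), and the names IPT, REDIRECT_SPEC and remove_nat_rule are chosen here for illustration.

```shell
#!/bin/sh
# Added example: remove every copy of a NAT rule by specification.
# IPT can be overridden (assumption) so the logic can be exercised
# without root or a real netfilter table.
IPT="${IPT:-iptables}"

# Rule specification exactly as quoted in the thread.
REDIRECT_SPEC="-p tcp --destination-port 80 -j REDIRECT --to-ports 10000"

# remove_nat_rule CHAIN SPEC...
# Deletes all rules in CHAIN (nat table) that match SPEC.
# Sets REMOVED to the number of rules deleted.
# Returns 0 when no matching rule remains, 1 if a delete fails.
remove_nat_rule() {
    chain="$1"
    shift
    REMOVED=0
    # -C exits 0 while a matching rule is still present, so duplicates
    # left behind by repeated starts are removed one by one.
    while $IPT -t nat -C "$chain" "$@" 2>/dev/null; do
        $IPT -t nat -D "$chain" "$@" || return 1
        REMOVED=$((REMOVED + 1))
        # Guard against looping forever if -D reports success
        # but the rule is not actually removed.
        [ "$REMOVED" -lt 64 ] || return 1
    done
    return 0
}

# Usage (as root), with the spec deliberately left unquoted so it
# splits into separate arguments:
#   remove_nat_rule PREROUTING $REDIRECT_SPEC
#   echo "removed $REMOVED rule(s)"
```

Calling it when no rule is present is harmless: the loop body never runs and REMOVED stays 0.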


I tested sslstrip again. After I enabled the infusion the client ends in timeout and can't surf anymore. Load was ~1.80 and should not be the problem. Sslstrip process used 25% CPU.

I need to restart the pineapple to get internet working. Only disabling the infusion does not help.

Will check the iptables before and after.

I'm also having this issue. Everything works fine until I start sslstrip. The internet connection becomes really slow and falls away after a while. Then the pineapple just restarts for some reason.


Maybe edit the infusion to start sslstrip with a lower priority? Also the infusion writes its output to a log, and if it becomes rather large, especially with verbose logging enabled, it becomes a hassle to manage and the pineapple slows down. In my tests, using it via CLI greatly increases performance for me anyway.


I'm also having this issue. Everything works fine until I start sslstrip. The internet connection becomes really slow and falls away after a while. Then the pineapple just restarts for some reason.

Just got my MKV and was interested in trying out this infusion and ran into the same issue. Start sslstrip and go to a website to test it.

Website refuses to load and then the Pineapple restarts, same issue as Exploit. It's a shame because the demo Darren did with this infusion made it seem really interesting and useful. The logs show that the HTTP connection is made but nothing is shown to the browser.


Correct me if I'm wrong, but sslstrip is not really worth using anymore because of HSTS.

Until there is some kind of workaround, we might as well wait.

Of course there are some old websites still out that are still using http. (instead of https)

cheers.

