BadB Posted December 19, 2013
I have two issues. The first is Karma. It is working, however once clients connect, though it shows the columns, no data is listed for the clients. I can still see the details in the log, but...
The second issue is sslstrip. I am experimenting using my Android and Chrome on several sites (specifically trying to spot the attack). However it seems that I am still getting HTTPS in Chrome, and I get no output from sslstrip. I also get no output if I stop the infusion and run the command by hand:
root@Pineapple:/sd/infusions/sslstrip/includes# sslstrip -kfas
sslstrip 0.9 by Moxie Marlinspike running...
I have also tried IE8 on a notebook with no luck. I am using a brand new Mark V. Firmware Version: 1.0.4

BadB Posted December 19, 2013 Author
Additional note, I have tried installing sslstrip both on the internal and external storage. It is installed on the SD card at this time.

utopia39 Posted December 20, 2013
Hi there, same error and same problem.

BadB Posted December 20, 2013 Author
I found another post talking about similar issues in another firmware. It seems for them the new firmware fixed the issue. I started on the new firmware and have the issue. :/ Hmm....

Ingsoc Posted December 20, 2013
I'm able to get sslstrip to function, but entering addresses via the omnibar in Chrome will default to the HTTPS version if available. Chrome connects initially to the HTTPS link, so there is no 'link on a page' for sslstrip to replace with an HTTP version. Can you provide a list of sites you are testing, and the method of connecting? I'll test on my device to compare.

BadB Posted December 21, 2013 Author
Yes, I want to go to the HTTPS version of a site, otherwise there is nothing to strip. The sslstrip will then re-direct my client's request to a "fake" HTTP version, no? If simply bookmarking the HTTPS version of a site is all that is needed, then I don't have too much to worry about. That is unless I have misunderstood the process.

Ingsoc Posted December 23, 2013
SSLstrip substitutes all HTTPS requests with HTTP links. This functions because requests originating in an HTTP session are insecure, and we are able to see the destination of the HTTPS request. However, if you directly connect to an HTTPS page, there is no substitution to take place, as the HTTPS session is not initiated from an insecure session, and we are not able to see the information needed to make the substitution.
What Chrome tends to do is take the omnibar input of 'facebook.com' and connect the user directly to https://www.facebook.com, rather than the insecure destination. This way, users are not affected, but are taken to the secure versions of pages seamlessly, directly countering our usage of SSLstrip.
What would work, for example, is a user on http://www.google.com searching 'facebook'. All the HTTPS link results are substituted by SSLstrip for HTTP links, and the connection to Facebook is made through our insecure MiTM attack.
Hopefully that makes a bit more sense. There may be some things that are not perfectly accurate about this, but it is a good overview.

BadB Posted December 24, 2013 Author
Ok, well that means I have less to worry about then. :) I am adding in some detection into a site I work on. However, even going to a search engine (using HTTP only) and searching for Facebook I do not get a replaced link. :/ I tried several combinations and methods (including making my own HTML page on a local server), no go... I also tried both from my Android and Chromebook. I get taken to an HTTPS page right away.

Mr-Protocol Posted December 24, 2013
It depends on the site. This may be the culprit: http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

BadB Posted December 24, 2013 Author
Well, that looks interesting! Thanks. :) I will continue my testing another day. Thanks everyone, enjoy the holidays!

BadB Posted January 4, 2014 Author
Ok, to revive this topic. Here is my process, and still no luck.
1. Create a local HTTP server with a test HTML.
2. Add a link to https://www.facebook.com
3. Start SSL Strip.
4. Load the test page in the victim browser.
5. Check the link, it still reports HTTPS.
Now from my understanding this should be replaced with an HTTP link.

Elliot# Posted January 14, 2014
Anyone else having any luck with SSL Strip? I am running current ver 1.5 and can only get it to work with eBay and Hotmail in my tests! I cannot get it to work with Facebook or Gmail. Anyone else experiencing the same, or is it my config?

awskier08 Posted January 14, 2014
You could try running Wireshark and see if you get pages from the Pineapple with HTTP and not HTTPS.

Lockon Posted January 14, 2014
> Anyone else having any luck with SSL Strip? I am running current ver 1.5 and can only get it to work with eBay and Hotmail in my tests! I cannot get it to work with Facebook or Gmail. Anyone else experiencing the same, or is it my config?
Remember that SSLstrip isn't guaranteed to work on all sites. Look up "HSTS" and you'll see that there are measures in place to thwart SSLstrip-based compromising.

hidemyip Posted January 17, 2014
When doing the Karma over Wi-Fi from access point to victim I got a problem: do I have to change from br-lan to wlan0 or wlan1? And how to do it with a USB internet stick in the Pineapple, I mean br-lan or wlan0, wlan1? I'm confused.

pr0metheus Posted January 17, 2014
Hi guys, when it comes to SSLstrip on the Pineapple, certain caveats notwithstanding, I think you need to set your sights on less lofty targets than Facebook, Gmail, et al.