haknakpdywak Posted February 11, 2014 Posted February 11, 2014 (edited) Apologies for the newbie question: What's the solution for allowing the user to be directed to their desired site once sslstrip has captured credentails? Currently it's just reloading the log in screen rather than allowing login. Edited February 12, 2014 by haknakpdywak Quote
haknakpdywak Posted February 12, 2014 Author Posted February 12, 2014 Solved. I'd delete this thread if it were possible. Quote
thesugarat Posted February 12, 2014 Posted February 12, 2014 Is the answer shared elsewhere in the forums? What did you do to fix it? Quote
haknakpdywak Posted February 12, 2014 Author Posted February 12, 2014 (edited) The question itself needed tweeking. What's needed is the dnsspoof infusion + a wide knowlege of scripting languages to create the forwarding page. Such as: PHP; HTML; Javascript; CSS; etc. Off to the codeacadamy! Edited February 12, 2014 by haknakpdywak Quote
Crazy52 Posted February 12, 2014 Posted February 12, 2014 i noticed this as well, just added a redirect after the last redirect XD just a stupid quick fix not really a solution but it works. Quote
haknakpdywak Posted February 12, 2014 Author Posted February 12, 2014 Assuming you meant the dnsspoof, could you elaborate a bit? I'm not seing a redirect. Quote
haknakpdywak Posted February 12, 2014 Author Posted February 12, 2014 (edited) A quick fix for the sslstrip is to turn on the 1 sec refresh and switch off the infusion as soon as anything comes in. Not a ideal solution at all compared to writing custom script for dnsspoof but it does allow user x through to the other side. Edited February 12, 2014 by haknakpdywak Quote
thesugarat Posted February 12, 2014 Posted February 12, 2014 Honestly you've kind of lost me... You're talking about two different applications. By default sslstrip is supposed to collect the credential but allow the user into the site. If that is not working there is something wrong. So you're quick fix may work but it shoudln't be needed. And what do you mean "switch off the infusion" as soon as anything comes in? Hit the little x in the top left to close the sslstrip window? Or turn off sslstrip? (Fairly certain you mean the first one...) Either way I'm not tracking why you would need some sort of custom script with a completely different program to correct an sslstrip problem. Unless you are trying to use the redirect functions of dnsspoof to fix sslstrip. Quote
haknakpdywak Posted February 12, 2014 Author Posted February 12, 2014 (edited) Is it? Because it just reloads rather than allowing X through. By 'switching off' I meant turning off sslstip so that it would stop both the reload loop and capture. I was assuming that sslstrip was made to not redirect so the plan was to write a custom script in dnsspoof. Edited February 12, 2014 by haknakpdywak Quote
haknakpdywak Posted February 12, 2014 Author Posted February 12, 2014 Is there a way to fix the refresh loop? Some tweeks seem to be going on with the infusion now. For a few min. it was flashing "Filter: Undefined". That stopped but now the "Loading.." is flashing and it won't capture any info. Quote
thesugarat Posted February 13, 2014 Posted February 13, 2014 I don't know how to fix what you're seeing... There are several threads on sslstrip and some issues people have seen in the past. You might try installing the Strip and Inject infusion... Or removing and reinstalling or a factory reset or a firmware reflash. Just depends on what's broken and how badly you want it to work. Quote
haknakpdywak Posted February 13, 2014 Author Posted February 13, 2014 (edited) I gave the factory reset a go with no results. The Hak5 forums is the only site tried so far that allows access after entering the login credentails. I'll try strip-n-inject after brushing up on HTML coding. Edited February 13, 2014 by haknakpdywak Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.