clockworkorange Posted April 1, 2014 Share Posted April 1, 2014 I followed the Chris H's tutor on SSLSTRIP and using it with karma. I see other posts on SSLSTRIP and client mode having issues?? For me the following is happing. It was working well before all the UPDATES. Running 1.2.0 Version newest I log into pineapple and pineapple is connect to my computer via cable. I make sure my wifi router is connected in client mode Karma AP set to "Free WIFI" PUT my Routers MAC in Karma Blacklist SSLSTRIP set to refresh 1 sec -- I fire up all these and nothing shows in the SSLSTRIP's logs just -------------sslstrip output_13963xxxxx.log [April 01 2014]filter undefined See below--I have XXXXX out any identifying infor ------------------------------------------------------ Client Mode and SSLSTRIP I was able to connect through the AP I setup with my cell phone, went to a few pages on intertnet SSLSTRIP showing NADAKARMA: Successful association of " MY CELL PHONE "When I try to view SSLSTRIP log it kicks me back to the Output tab--and nothing to see--WTF ------------------------------------------------------------------- IP address HW type Flags HW address Mask Devicexxxxxxxxxxxxx 0x1 0x0 00:00:00:00:00:00 * wlan1xxxxxxxxxxxxx 0x1 0x2 xxxxxxxxxxxxxxx * br-lanxxxxxxxxxxxxx 0x1 0x2 xxxxxxxxxxxxxx * wlan1KARMA: Probe Request from xxxxxxxxxx for SSID 'router 1XXXXXX'KARMA: Probe Request from xxxxxxxx for SSID 'Router 2 XXXXXXX'KARMA: Probe Request from xxxxxxxxx for SSID 'Router 3 XXXXXXX'KARMA: Probe Request from xxxxxxxxxxx for SSID 'Router 4 XXXXXXX'KARMA: ENABLED2NetworkWlan0 Enabled. |Wlan1 Enabled. |Internet IP: ShowLAN: 172.16.42.1Wlan1: 192.XXXXXXXXXMobile: N/AClient ModeConnection Information - DisconnectConnected.wlan1 Link encap:Ethernet HWaddr XXXXXXX inet addr:192.XXXXXX Bcast:192.XXXXX.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:477 errors:0 dropped:12 overruns:0 frame:0 TX packets:176 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:30577 (29.8 KiB) TX bytes:17539 (17.1 KiB)wlan1 IEEE 802.11bg ESSID:"XXXXXX" Mode:Managed Frequency:2.417 GHz Access Point: XXXXXXXXXXXXX Bit Rate=18 Mb/s Tx-Power=27 dBm RTS thr:off Fragment thr:off Encryption key:off Power Management:off Link Quality=70/70 Signal level=-14 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:1 Missed beacon:0 Quote Link to comment Share on other sites More sharing options...
thesugarat Posted April 1, 2014 Share Posted April 1, 2014 Your Karma is working and so is your Client Mode. For sslstrip, try logging into the pineapple via ssh and run 'sslstrip' from the command line; then start surfing and see if it displays errors. Let us know what it says. Quote Link to comment Share on other sites More sharing options...
clockworkorange Posted April 1, 2014 Author Share Posted April 1, 2014 It appears that the newest update today for the client mode and karma now has SSLSTRIP and Karma working--Thanks Shannon!!! / and others Quote Link to comment Share on other sites More sharing options...
BubbaRR Posted April 1, 2014 Share Posted April 1, 2014 Yes, having the same issue. I will try and see if i have an update for this as well later tonight when i try it out. Quote Link to comment Share on other sites More sharing options...
flynn23 Posted April 1, 2014 Share Posted April 1, 2014 I am having the exact same issue. I've got the ethernet plugged into my LAN and wlan0 acting as a honey pot AP. However, all clients that are connecting to the AP are not getting the HTTP version of the sites I am browsing to. They are getting the HTTPS versions, as if the pineapple is just bridging and sslstrip is not monitoring the traffic. This is the same whether I'm on the command line or the the web GUI. Yes, I've updated the infusion this afternoon. Quote Link to comment Share on other sites More sharing options...
flynn23 Posted April 1, 2014 Share Posted April 1, 2014 One thing I'll add, and I'm not sure why this should make any difference, but the Pineapple AP is on the same subnet as all the other machines. So the devices connecting to the AP are getting DHCP addresses from the router that the Pineapple AP is also getting a dhcp address from (via eth0). Not sure why this should make a difference for sslstrip, since I would think it's going to look at all traffic passing through the Pineapple, but that's it. Not sure if you have to put an interface into promiscuous mode or not. That doesn't seem right to me. Quote Link to comment Share on other sites More sharing options...
clockworkorange Posted April 2, 2014 Author Share Posted April 2, 2014 (edited) --flynn23--your right, I also noticed the issue--even though I did the update( pineapple infusion ) that was posted for Karma and Client mode --I am not seeing decoded traffic-- Perhapes Sebkinne and others can chime in on this , not sure if were doing something in error, but I follwed what Chris H does in the SSLSTRIP advised . Edited April 2, 2014 by clockworkorange Quote Link to comment Share on other sites More sharing options...
thesugarat Posted April 2, 2014 Share Posted April 2, 2014 Not sure why you think an update to Karma or Client mode should impact how sslstrip works.... But, what you guys are seeing is not something that hasn't been seen before. So I used the forum search function and found what I was looking at before I suggested you ssh in and type sslstrip. Not a guaranteed fix but hopefully it points you in the right direction. https://forums.hak5.org/index.php?/topic/31011-sslstrip-works-just-for-https-pages-but-blocks-http-pages/?hl=sslstrip Quote Link to comment Share on other sites More sharing options...
BubbaRR Posted April 2, 2014 Share Posted April 2, 2014 Is it possible to use Karma and SSLStrip on a WEP or WPA2 network that I have my Pineapple attached too? Or should I only be attempting this on Open networks? So far I have only attempted this on WEP and WPA2 so that could be a problem if I can only use Open. So far I have had no luck with SSLStrip as of yet. I will attempt the posted fix link later today again. Quote Link to comment Share on other sites More sharing options...
thesugarat Posted April 2, 2014 Share Posted April 2, 2014 You're getting things mixed up I think... Karma and sslstrip do different things. Karma- You just turn it on... it is only going to work on Open (unprotected) nets. It pretends to be that AP. If it tried to pretend to be an encrypted network your device has seen before it won't work because it doesn't know what that Key is. Your device does but Karma does not.... sslstrip - Again, you just turn it on, but it doesn't care what kind of setup you have as far as networking. It just cares if it can see the traffic. So sslstrip can be used while your pineapple is using wifi or Ethernet. Quote Link to comment Share on other sites More sharing options...
BubbaRR Posted April 2, 2014 Share Posted April 2, 2014 Got it. Thanks for the clarification on that. I have been trying to do so many things with my new mark v and being that I am new to all of this I have fried my own brain. Quote Link to comment Share on other sites More sharing options...
clockworkorange Posted April 2, 2014 Author Share Posted April 2, 2014 Well-new issue--I tried the setup---- tried to login into a pages HTTPS like Gmail and then went over to yahoo mail all from a seperate laptop per Chris's tutor on SSLSTRIPIt did show data coming across--but now when I go to the log files foe SSLSTRIP it does not allow me to see the logs or download. same issue as before, click on VIEW, boots me back to Tab for outputTry to download logs --broswers opens--with below link--blank http://172.16.42.1:1...9648767562----- dot log Not seeing decrypted info either-very interesting though, not sure what to think. ******* if anyone else can post their steps and results it just might be interesting to see what other get! Quote Link to comment Share on other sites More sharing options...
thesugarat Posted April 2, 2014 Share Posted April 2, 2014 The reason you are getting booted back to the output Tab is because that is where it displays the log.... If you have the auto update turned on and you try to look at a log it will of course blank the output screen (log) you're looking at after 1 sec or whatever you've set. Quote Link to comment Share on other sites More sharing options...
flynn23 Posted April 2, 2014 Share Posted April 2, 2014 Well, that's not the behavior I'm seeing. I'm seeing nothing being logged at all. SSLstrip is obviously not parsing the traffic going over the interfaces. I've tested this multiple times and can repeat it. Log files are created but empty using cat at the CLI. In fact, I know it's not working because the 'victim' machine is still able to see the target website as HTTPS, including a valid certificate. So SSLstrip is not MITM. Quote Link to comment Share on other sites More sharing options...
clockworkorange Posted April 3, 2014 Author Share Posted April 3, 2014 I concur with what Flynn23 is seeing, something is not right with SSLSTRIP and the Traffic not being converted! Quote Link to comment Share on other sites More sharing options...
thesugarat Posted April 3, 2014 Share Posted April 3, 2014 I don't disagree with what you are seeing. Not logging anything/not working at all is also not a new problem... It's been seen many times before. You can try to install the Strip and Inject infusion and see if that clears up your issues with sslstrip. At one point that Infusions install did something different with I believe the twistedweb packages and cleared up a few users issues with sslstrip. It's a longshot though... Quote Link to comment Share on other sites More sharing options...
BubbaRR Posted April 3, 2014 Share Posted April 3, 2014 I was able to get SSLStrip working last night. I believe I was just trying the wrong type of websites. I kept trying to log into google. So I finally tried yahoo, then pinterest (my wife's). I was able to see usernames and passwords fine. Works like a charm. I do have a question though. I want my macbook to have wifi access to the internet and have my pineapple have access to the internet. As of right now, I have to have my wifi on my computer turned off to go into my pineapple interface. Is this normal. So the only one having the internet access is the pineapple. Is this right? Quote Link to comment Share on other sites More sharing options...
thesugarat Posted April 3, 2014 Share Posted April 3, 2014 Well that's a different subject but what you are describing is not even ICS or Internet Connection Sharing. Which is difficult with OSX... Sounds like you have: MacBook wifi connected to your Home router on say 192.168.1.X range... And MacBook's Ethernet port manually set to 172.16.42.42 connected to the Pineapple's eth0 port. Make sure you go into your Network settings and Prioritize your WiFi above your ehternet port. In that configuration your laptop will get it's internet from the WiFi connection but you should still be able to get to the management page of the Pineapple. But that configuration is very limiting. Try: MacBook Wifi connected to Pineapple's AP (wlan0) with Pineapples Client Mode (wlan1) connected to an internet connected Access Point. That way you're all on the same system. Quote Link to comment Share on other sites More sharing options...
BubbaRR Posted April 3, 2014 Share Posted April 3, 2014 OK. So connect macbook wifi to pineapple AP. I just need to ensure that I am on the blacklist. I did notice last night that when computers connected to my pineapples wifi, it was very very slow. Is that because its trying to redirect to a non https site or something or is the transfer through the pineapple just slow? Quote Link to comment Share on other sites More sharing options...
thesugarat Posted April 3, 2014 Share Posted April 3, 2014 Blacklist for what program? If you're using Karma then yes you might want to Blacklist... Since you're already on the Pineapple by choice it doesn't make much difference but the Pineapple can ignore your MacBook and not waste it's time. Quote Link to comment Share on other sites More sharing options...
BubbaRR Posted April 3, 2014 Share Posted April 3, 2014 Yes, I was referring to Karma. Thanks Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.