I'm not sure how to read the logs for sslsplit?!?!

[pkjk]

I just flashed the new firmware and downloaded sslsplit on my pineapple. I started it and then went for

a bus ride, and a walk around the city. When I got home I opened up the log file and I can see a lot of

information like this-

2014-08-15 11:38:00 UTC ssl [172.16.42.228]:46824 [198.142.186.29]:443 sni:- crt:google.com/google.com/*.2mdn.net/*.android.com/*.appengine.google.com/*.au.doubleclick.net/*.cc-dt.com/*.cloud.google.com/*.de.doubleclick.net/*.doubleclick.com/*.doubleclick.net/*.fls.doubleclick.net/*.fr.doubleclick.net/*.google-analytics.com/*.google.ac/*.google.ad/*.google.ae/*.google.af/*.google.ag/*.google.al/*.google.am/*.google.as/*.google.at/*.google.az/*.google.ba/*.google.be/*.google.bf/*.google.bg/*.google.bi/*.google.bj/*.google.bs/*.google.bt/*.google.by/*.google.ca/*.google.cat/*.google.cc/*.google.cd/*.google.cf/*.google.cg/*.google.ch/*.google.ci/*.google.cl/*.google.cm/*.google.cn/*.google.co.ao/*.google.co.bw/*.google.co.ck/*.google.co.cr/*.google.co.hu/*.google.co.id/*.google.co.il/*.google.co.im/*.google.co.in/*.google.co.je/*.google.co.jp/*.google.co.ke/*.google.co.kr/*.google.co.ls/*.google.co.ma/*.google.co.mz/*.google.co.nz/*.google.co.th/*.google.co.tz/*.google.co.ug/*.google.co.uk/*.google.co.uz/*.google.co.ve/*.google.co.vi/*.google.co.za/*.google.co.zm/*.google.co.zw/*.google.com/*.google.com.af/*.google.com.ag/*.google.com.ai/*.google.com.ar/*.google.com.au

Being new to the pineapple and sslsplit I'm not quite sure what I have done wrong. There is a lot of data, but I

can't seem to find any user names or passwords.

I ran sslsplit with PineAP and Karma but was I supposed to start something else at the same time?

I read http://champagneandsecurity.wordpress.com/2014/07/26/sslsplit-on-wifi-pineapple/%C2'> but it looked to me like

a guide for the command line sslsplit and not an infusion.

Was I supposed to follow this to the tee because all I did was click start,

Any help would be really appreciated.

[pkjk]

I tried to link to a tutorial after "I read...." but clearly it did not work for some reason and has made me look like an incompetant fool.

Well, like more of an incompetant fool than I appeared to be already.

[thesugarat]

Why was the bus ride necessary? What was your setup? We're you providing internet to folks that connected to your pineapple? Have you tested this at home with your own equipment to ensure you know what it should look like when it works?

[daniboy92]

Just go to "History" into Sslsplit infusion and select "View" or "Download" and search carefully for an email and pass... If you don't find anything just nothing put or use their email and pass, maybe people only navigate without a login.

And thesugarat is rigth, but we can't control what people do with their own Pineapples.

Edited August 15, 2014 by daniboy92

[pkjk]

Cheers for responding guys, I suppose I shouldn't have mentioned the bus ride and walk around the city. People tend to use their phones a lot on the bus and many peeps get on and off. All of whom I had permission to test my pineapple on of course. There were about 40 people who connected and browsed during my 30 minute voyage, so the log was LONG.

I'm going to do some more testing at home as thesugarat suggested, just to get a feel of the infusion. On that note, does anyone else feel like a hippie saying the word infusion all the time? That word gets thrown around a lot these days, from iced tea, to vitamins and even shampoo.

Thats exactly what I did daniboy92 so I suppose Im going to have to go through the log again just to be sure.

Thanks again for respoding though!

[thesugarat]

I wasn't judging you or commenting on any legalities... That's your business. I was really just trying to understand your setup. I'm not trying to insult you but you left out those details that would let me rule out you being such a noob you're riding around on a bus with a pineapple that's not providing internet but expecting folks that browse to get to websites... Make sense? As daniboy92 suggested, I would ignore everything in the log that isn't related to username/email or password. Search/filter for email or pass or the @ symbol and see what pops up.

[daniboy92]

Unfortunately these logs are very hard to explore. When I was browsing 10 minutes, many lines with ininteligible characters appears and a few appears readable...

Sslsplit it's more recently than sslstrip, but like the other it seems than the actual browsers detects it and doesn't let the victim navigate more...

Also, I can't see what's the utility with WhatsApp, that have a command line in configuration of this infusion. Maybe we need more tests. I am very newbie with this infusion, but it seems uneffective with new and upgrade browsers.

Sorry for bad English.

[ARDETROYA]

Unfortunately these logs are very hard to explore. When I was browsing 10 minutes, many lines with ininteligible characters appears and a few appears readable...

Sslsplit it's more recently than sslstrip, but like the other it seems than the actual browsers detects it and doesn't let the victim navigate more...

Also, I can't see what's the utility with WhatsApp, that have a command line in configuration of this infusion. Maybe we need more tests. I am very newbie with this infusion, but it seems uneffective with new and upgrade browsers.

Sorry for bad English.

SSLSplit do not support HSTS. Main pages as Facebook, Hotmail, Twitter.. etc are not going to alow to stablis a conection so you can not sniff the password. It would be usefull for SSL aplications that require username/password as IMAP for example.

[pkjk]

Who said I wasn't providing internet thesugarat? I had my android tethered to it so Internet WAS provided. I checked my phone and the people who conneted used about 120mb. Truth is though, I am fairly new at this but I did search for email, pass, login, signin, @, etc. before I came and made my orginal post. Thats why I though I might not be reading it right, or might have to enable another infusion or command at the same time.

And I didn't think you were trying to insult me. I was just explaining why I went for a bus ride because you asked me why the bus ride was necessary and I was only answering you. I dont know why you think I thought you were insulting me?!?!

Oh and Daniboy92 I'm pretty sure the whatsapp reference is to sniff messages sent using it. I've got a Whatsapp sniffer on my phone, so I think it's a simpler version of that.

Like I mentioned earlier, there were a lot of people who connected and browsed on my pineapple, and they did use sites that require a login, but that probably stay connected with no need to re-login when you decide to use it again. Like the facebook app, as opposed to signing in regularly on the facebook page. Just an example as ARDETROYA mentioned earlier.

I'm going to use my pineapple now and connect to it wirelessly to test which pages will work on it automatically. I'll let you guys know if any of them work

for me.

Edited August 16, 2014 by pkjk

[daniboy92]

I was testing it with my phone ? just for sniff WhatsApp's conversations, but it doesn't show anything. Maybe you can do it with your stuff.