michael_kent123
Posted June 12, 2015

To use SSL Strip:

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

Why is the destination port 80 since we want to redirect HTTPS traffic? Shouldn't it be port 443?

Let's say I want to intercept secure POP which uses port 995. Can I just do:

iptables -t nat -A PREROUTING -p tcp --destination-port 995 -j REDIRECT --to-port 10000

Or should it be port 110 (POP) considering that HTTPS apparently uses port 80 (not 443)?

cooper
Posted June 12, 2015

The point about SSLStrip is that you DON'T want to redirect HTTPS traffic. You want to take over an HTTPS connection by intercepting the initial HTTP request, proxying it on using HTTPS and returning the result to the client via HTTP, using a few tricks to make it look like the connection was secure when in fact it very much wasn't.

If mail clients, when requested to go to mail.server.com, would first attempt pop3 and only if that failed move on to secure pop3, then yes, a similar concept could apply. However, people configure their mail client for either pop3 or secure pop3 specifically before they do anything. Only when your target has never before communicated with the server and is mentally incapable of properly configuring their mail client in spite of any documentation provided will this work, meaning anything you intercept from this person will be spam, 419 scams and Facebook update emails. It will give you the same mental satisfaction as re-watching the entire OJ Simpson trial.

Edited June 12, 2015 by Cooper
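
Added example, not part of the thread or any poster's code: a defender-side check for the downgrade described in the post above, comparing a response fetched over a trusted path with the one a client actually received. The two signs checked (https:// URLs rewritten to http://, and cookies that lost the Secure attribute) are assumptions about what such a rewrite looks like, and all hostnames and cookie values are constructed samples.

```python
import re

# Absolute URLs in href/src/action attributes (form targets matter most: logins post there).
URL_ATTR = re.compile(r'(?:href|src|action)\s*=\s*["\'](https?://[^"\'\s>]+)', re.I)

def urls(html):
    """Set of absolute http(s) URLs referenced by the page."""
    return {m.group(1) for m in URL_ATTR.finditer(html)}

def downgraded_urls(reference_html, observed_html):
    """URLs that are https:// in the reference copy but http:// in the observed copy."""
    observed = {u.lower() for u in urls(observed_html)}
    hits = []
    for u in sorted(urls(reference_html)):
        # len("https://") == 8; rebuild the same URL with the plain-HTTP scheme
        if u.lower().startswith("https://") and "http://" + u.lower()[8:] in observed:
            hits.append(u)
    return hits

def cookies_missing_secure(reference_cookies, observed_cookies):
    """Cookie names that carry Secure in the reference Set-Cookie lines but not in the observed ones."""
    def parse(lines):
        out = {}
        for line in lines:
            parts = [p.strip() for p in line.split(";")]
            name = parts[0].split("=", 1)[0]
            out[name] = any(p.lower() == "secure" for p in parts[1:])
        return out
    ref, obs = parse(reference_cookies), parse(observed_cookies)
    return sorted(n for n, secure in ref.items() if secure and obs.get(n) is False)

# Constructed sample data: reference = fetched over a trusted path, observed = seen by the client.
REFERENCE_HTML = '''<a href="https://shop.example/account">Account</a>
<form action="https://shop.example/login" method="post"></form>
<img src="http://cdn.example/logo.png">'''
OBSERVED_HTML = '''<a href="http://shop.example/account">Account</a>
<form action="http://shop.example/login" method="post"></form>
<img src="http://cdn.example/logo.png">'''
REFERENCE_COOKIES = ["sid=abc123; Path=/; Secure; HttpOnly", "theme=dark; Path=/"]
OBSERVED_COOKIES = ["sid=abc123; Path=/; HttpOnly", "theme=dark; Path=/"]

if __name__ == "__main__":
    print("downgraded URLs:", downgraded_urls(REFERENCE_HTML, OBSERVED_HTML))
    print("cookies missing Secure:", cookies_missing_secure(REFERENCE_COOKIES, OBSERVED_COOKIES))
```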

michael_kent123 (Author)
Posted June 12, 2015

On a related note, I wonder if you know anything about Microsoft Active Sync.

I set up a Hotmail account on my iPhone. To connect to the server, Microsoft apparently uses HTTPS on port 443. See, for example, http://www.altn.com/Support/FAQ/FAQResults/?Number=KBA-02281

I used arpspoof and SSLStrip in the normal way (iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000). I then sent an e-mail from my Desktop to my Hotmail account on my iPhone. The phone downloaded the message. However, when I checked the SSLStrip log, nothing showed.

When, on the iPhone, I log in to a webmail account (port 443) the username:password does show in my log.

I'm wondering if there is a way to intercept the username:password between Hotmail on the iPhone using SSLStrip.

Any ideas?

Thanks!

Edited June 12, 2015 by michael_kent123