Two questions about SSL Strip.


To use SSL Strip:

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

Why is the destination port 80, since we want to redirect HTTPS traffic? Shouldn't it be port 443?

Let's say I want to intercept secure POP which uses port 995.

Can I just do:

iptables -t nat -A PREROUTING -p tcp --destination-port 995 -j REDIRECT --to-port 10000

Or should it be port 110 (POP) considering that HTTPS apparently uses port 80 (not 443)?


The point about SSLStrip is that you DON'T want to redirect HTTPS traffic. You want to take over an HTTPS connection by intercepting the initial HTTP request, proxying it on using HTTPS and returning the result to the client via HTTP, using a few tricks to make it look like the connection was secure when in fact it very much wasn't.

If mail clients, when requested to go to mail.server.com, would first attempt pop3 and only if that failed move on to secure pop3, then yes, a similar concept could apply. However, people configure their mail client for either pop3 or secure pop3 specifically before they do anything. Only when your target never before communicated with the server and is mentally incapable of properly configuring their mail client in spite of any documentation provided will this work, meaning anything you intercept from this person will be spam, 419 scams and Facebook update emails. It will give you the same mental satisfaction as re-watching the entire OJ Simpson trial.

Edited by Cooper
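
The interception described in the reply above only works while the client still opens with a plaintext port-80 request. As an added example (not part of the original thread), the Python below checks from the defender's side whether a site still invites that request, using the HSTS response header (RFC 6797), which the thread itself does not mention; the function names, category labels and sample responses are constructed for illustration.

```python
# Added example: classify how exposed a site's first request is to the
# HTTP-to-HTTPS interception described above. Sample responses are constructed.
import re

def parse_headers(raw):
    """Return (status_code, {lowercased header name: value}) from raw response headers."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers

def hsts_max_age(https_raw):
    """max-age in seconds from Strict-Transport-Security, or 0 if absent or invalid."""
    _, headers = parse_headers(https_raw)
    m = re.search(r'max-age\s*=\s*"?(\d+)"?', headers.get("strict-transport-security", ""), re.I)
    return int(m.group(1)) if m else 0

def plaintext_exposure(http_raw, https_raw):
    """Classify when a client still sends a plaintext request an on-path proxy could answer."""
    status, headers = parse_headers(http_raw)
    redirects = 300 <= status < 400 and headers.get("location", "").lower().startswith("https://")
    # HSTS only counts when received over HTTPS; browsers ignore it on plain HTTP.
    if hsts_max_age(https_raw) > 0:
        return "first-visit-only"      # until max-age expires, later visits go straight to 443
    if redirects:
        return "every-visit"           # each visit starts with a port-80 request
    return "no-https-upgrade"          # site serves content over plain HTTP

# Constructed sample responses (not captured from any real server).
HTTP_REDIRECT = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://mail.example.test/\r\n\r\n"
HTTPS_NO_HSTS = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
HTTPS_HSTS = ("HTTP/1.1 200 OK\r\n"
              "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n")
HTTP_PLAIN = "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n"

if __name__ == "__main__":
    print(plaintext_exposure(HTTP_REDIRECT, HTTPS_NO_HSTS))  # every-visit
    print(plaintext_exposure(HTTP_REDIRECT, HTTPS_HSTS))     # first-visit-only
    print(plaintext_exposure(HTTP_PLAIN, HTTPS_NO_HSTS))     # no-https-upgrade
```

A client that is configured to connect directly to the TLS port, like the mail clients in the reply above, falls outside all three categories because it never makes the plaintext request at all.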

On a related note, I wonder if you know anything about Microsoft Active Sync.

I set up a Hotmail account on my iPhone. To connect to the server, Microsoft apparently uses HTTPS on port 443. See, for example, http://www.altn.com/Support/FAQ/FAQResults/?Number=KBA-02281

I used arpspoof and SSLStrip in the normal way (iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000).

I then sent an e-mail from my Desktop to my Hotmail account on my iPhone. The phone downloaded the message.

However, when I checked the SSLStrip log, nothing showed.

When, on the iPhone, I log in to a webmail account (port 443), the username:password does show in my log.

I'm wondering if there is a way to intercept the username:password between Hotmail on the iPhone using SSLStrip.

Any ideas? Thanks!

Edited by michael_kent123