shamwow Posted June 28, 2015 Share Posted June 28, 2015 i installed sslstrip2 and dns2proxy and python 2.7.3and i did the ip forwarding with the recommend iptables as it shows in the manual echo 1 > /proc/sys/net/ipv4/ip_forward iptables-t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 9000 iptables-t nat -A PREROUTING -p udp --destination-port 53 -j REDIRECT --to-port 53 after running python sslstrip.py -l 9000 and arp -i wlan0 target_ip gateway_ip and python dns2proxy.pyi went to my test machine and try hotmail.com; google.com; facebook.com ....sslstrip2 is changing the url but the webpage wont load. can anyone tell me how to fix this? these are the links that i downloaded from.https://github.com/singe/sslstrip2https://github.com/singe/dns2proxy Quote Link to comment Share on other sites More sharing options...
cooper Posted June 28, 2015 Share Posted June 28, 2015 Did your test machine at any point in the past already access these hosts? What browser are you using (if any)? Quote Link to comment Share on other sites More sharing options...
shamwow Posted June 28, 2015 Author Share Posted June 28, 2015 i used internet explorer and firefox. yes my machine did have access to the machine when i used sslstrip1 and worked. Quote Link to comment Share on other sites More sharing options...
cooper Posted June 28, 2015 Share Posted June 28, 2015 The point is that, at least Firefox honors the HSTS header, meaning that now that it has accessed Facebook over https once, it will continue to do so for the next year or so immediately, without first going the HTTP route (sslstrip works by MITM-ing the machine on its initial connection, which always defaults to using HTTP. When the initial connection goes straight for HTTPS, it can't do anything). Quote Link to comment Share on other sites More sharing options...
shamwow Posted June 28, 2015 Author Share Posted June 28, 2015 The point is that, at least Firefox honors the HSTS header, meaning that now that it has accessed Facebook over https once, it will continue to do so for the next year or so immediately, without first going the HTTP route (sslstrip works by MITM-ing the machine on its initial connection, which always defaults to using HTTP. When the initial connection goes straight for HTTPS, it can't do anything). can you try sslstrip2 and see what is causing the problem? Quote Link to comment Share on other sites More sharing options...
cooper Posted June 29, 2015 Share Posted June 29, 2015 Just use wireshark to look at the traffic from your target when it tries to access the website. It should tell you everything you need to know. Quote Link to comment Share on other sites More sharing options...
shamwow Posted June 30, 2015 Author Share Posted June 30, 2015 wireshark didn't tell me anything. thanks for nothing. Quote Link to comment Share on other sites More sharing options...
Sildaekar Posted June 30, 2015 Share Posted June 30, 2015 wireshark didn't tell me anything. thanks for nothing. Instead of becoming aggressive try some self-reflecting. Maybe it didn't tell you anything because you don't know how to work it, or maybe there wasn't a connection Quote Link to comment Share on other sites More sharing options...
cooper Posted June 30, 2015 Share Posted June 30, 2015 If wireshark tells you nothing it means you don't know how to read it or your target machine isn't sending data in a way that you can capture/see it. In which case it's also obvious why sslstrip isn't working because I can assure you that if wireshark doesn't see it, that's because it isn't there. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.