Whistle Master Posted December 24, 2015 Share Posted December 24, 2015 Module: SSLsplit Version: 1.0 Features: Install dependencies Generate certificate Manage firewall rules Live output with filter options Run History Autostart on boot Link to comment Share on other sites More sharing options...
b0N3z Posted February 27, 2016 Share Posted February 27, 2016 I have tryed with multiple modules and have reset the NANO a couple times and formatted my sdcard. I can download from the module manager to sdcard but when I try to install the dependency file it will sit at installing for a couple of mins and then go back to "not installed". I have done a reboot after this and still not installed. I have experienced this with SSLsplit, Randomroll, nmap. That is all i have tryed right now. im running 1.0.5 with Sebs updates installed first. Update: I just reset the Nano again and installed every module and there dependencies. The only one that failed this time was SSLsplit. Seems to be a hit and miss. Ive had other modules not install dependencies and after a couple resets they will work but others wont. Has anybody else experienced this? Link to comment Share on other sites More sharing options...
Maddog1929 Posted February 27, 2016 Share Posted February 27, 2016 I have tryed with multiple modules and have reset the NANO a couple times and formatted my sdcard. I can download from the module manager to sdcard but when I try to install the dependency file it will sit at installing for a couple of mins and then go back to "not installed". I have done a reboot after this and still not installed. I have experienced this with SSLsplit, Randomroll, nmap, and get. That is all i have tryed right now. im running 1.0.5 with Sebs updates installed first. Same here, but with SSLsplit I feel that every time a new module comes out, the repository breaks somehow. Link to comment Share on other sites More sharing options...
Sah5die Posted February 27, 2016 Share Posted February 27, 2016 can confirm same deps errors after fresh install Link to comment Share on other sites More sharing options...
barry99705 Posted February 28, 2016 Share Posted February 28, 2016 Try installing to internal memory. If I remember right, some of the dependencies don't like the sd card install. Link to comment Share on other sites More sharing options...
Sebkinne Posted February 28, 2016 Share Posted February 28, 2016 We know what is causing the issue and will send out a fix asap. Best Regards, Sebkinne Link to comment Share on other sites More sharing options...
zoro25 Posted February 29, 2016 Share Posted February 29, 2016 thanks for the clarification Seb, Can you or Whistle Master please post in this thread when the fix is ready, as I would rather wait for a working version than go through install and await a new patch or fixed version. :-) Link to comment Share on other sites More sharing options...
drale2k Posted March 18, 2016 Share Posted March 18, 2016 Hi, i am having issues seeing any traffic with SSLStrip. I installed it without any issues but after i turn it on and i connect with my device (iPad) the the PineAP and start surfing, i don't see any traffic. It just says "No connections log..." all the time. I am starting it with the default settings. Any idea what the problem could be? I can't configure the interface for SSLStrip to use. Is it using eth0? Link to comment Share on other sites More sharing options...
skib Posted March 19, 2016 Share Posted March 19, 2016 I have installed SSLstrip on the SD Card. It starts properly, and also seems to collect some data in the log. But I have never been able to see the data afterwards in one of the History logs. Whenever I try to View or Download it, it is always EMPTY. Is there something I have missed? I seem to have the same problem with tcpdump. Even though these Modules seem to be easy to use, I would like to see some detailed manuals for them. Can they be found somewhere? Link to comment Share on other sites More sharing options...
syn_nym Posted April 1, 2016 Share Posted April 1, 2016 SSLstrip is not automatically starting though "Start on boot" = ON. Any thoughts on how to debug this? TIA Link to comment Share on other sites More sharing options...
Whistle Master Posted April 1, 2016 Author Share Posted April 1, 2016 I'll have a look at it. Could you please post here the result of the following command: cat /etc/rc.local PS: By the way, it's sslsplit, not sslstrip ;) Link to comment Share on other sites More sharing options...
skib Posted April 7, 2016 Share Posted April 7, 2016 Wishlist for SSLsplit: After having played with this Module for a few hours, I have a wishlist. Maybe someone can help? 1. Have it starting on Boot. 2. Understand what the purpose of the History "View" Button is meant for. Or have it fixed it if it is a bug. (It never seems to work or do anything). (The "Download" Button works however, and transfers the History file to my Android, where I can study it using a Text Viewer app.) (The "Delete" Button also works.) 3. Get a better understanding on how this Module works. (E.g. it sometimes stops by itself. Why? Is it because the current History File is "full"?) 4. Get a better understanding of the data/text that is collected in the History File. 5. Get better names on the History files, which better reflect the Dates shown on the WiFi Pineapple SSLsplit Module page. 6. Understand how to use the "Log Filter"/"Piped Comm". 7. Understand how to Clear the Log (if possible?). There are a few descriptions of this "Modul"e on Internet, but none related to the WiFi Pineapple (as far as I have seen.). Skib Link to comment Share on other sites More sharing options...
Whistle Master Posted April 7, 2016 Author Share Posted April 7, 2016 1. To have it start on boot, you just have to click on the "ON/OFF" button and then the state of the button is green, which means that sslsplit will be started on boot. 2. The view button will show you the content of the log, what have been captured, etc. Working fine on my side by the way. 3. SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original destination address, while logging all data transmitted. SSLsplit is intended to be useful for network forensics and penetration testing. 4. Well, the history files show what was captured (output) when sslsplit was running. 5. The log files names are the date when sslsplit was run. I'm not sure giving "better" names would help in this matter... 6. As in command lines, you can pipe command to filter the output. (e.g. grep "password" | grep "example.com" | awk '{ print $2}') <- Just an example. 7. For the moment, the output log cannot be cleared. Link to comment Share on other sites More sharing options...
Purrball Posted April 7, 2016 Share Posted April 7, 2016 WM, maybe this is a stupid question, but is an active internet connection required for this to "work", or does the SSL data still get pushed through? I guess this is more about how SSL/TLS works? In other words, a two-way exchange required for the log to be filled with any connections or data? I'm wondering because I tested this out without having internet sharing enabled and it never showed any connections despite running a few SSL-based requests through it. Thanks for keeping this alive with all your modules, great work all around :) Link to comment Share on other sites More sharing options...
Whistle Master Posted April 7, 2016 Author Share Posted April 7, 2016 Indeed, you need to have a working internet connection. Link to comment Share on other sites More sharing options...
skib Posted April 8, 2016 Share Posted April 8, 2016 Thank you, Whistle Master. But (once again), 1. The "Start on boot" function does not work on my PA. I have seen another user saying the same. And I have the latest version of everything. 2. The view button does not work on my PA. It has never shown anything. Could it be that the file is too large? 3. Thank you for your explanation. Why does SSLsplit sometimes stop on its own? 4. Thank you for your explanation. Now I understand that it is the data transmitted. 5. When I download a History file for Date (on SSLsplit History) 2016-04-07 13-41-47, a file named output_1460036506.log is downloaded. So what is the correspondence between the file name and the SSLsplit History date? 6. Thank you for your explanation. Seems quite useful. 7. I hope a "Clear Log" function will be available soon. BTW; I am also eagerly waiting for the SSLstrip to be available as a Module. Thanks again. Hope you will follow up. Best, skib Link to comment Share on other sites More sharing options...
Purrball Posted April 8, 2016 Share Posted April 8, 2016 5. When I download a History file for Date (on SSLsplit History) 2016-04-07 13-41-47, a file named output_1460036506.log is downloaded. So what is the correspondence between the file name and the SSLsplit History date?Unix timestamp / epoch time. If you google it, you can find a conversion to readable time in the format youre familiar with.Example from unixtimestamp.com: 1460036506 Is equivalent to: 04/07/2016 @ 1:41pm (UTC) 2016-04-07T13:41:46+00:00 in ISO 8601 Thu, 07 Apr 2016 13:41:46 +0000 in RFC 822, 1036, 1123, 2822 Thursday, 07-Apr-16 13:41:46 UTC in RFC 2822 2016-04-07T13:41:46+00:00 in RFC 3339 Link to comment Share on other sites More sharing options...
Whistle Master Posted April 8, 2016 Author Share Posted April 8, 2016 1. The "Start on boot" function does not work on my PA. I have seen another user saying the same. And I have the latest version of everything. Could you please post here the result of the following command: cat /etc/rc.local 2. The view button does not work on my PA. It has never shown anything. Could it be that the file is too large? Indeed. If the file is too large, then the webserver times out and nothing is display. Can't do much about that unfortunately. 3. Thank you for your explanation. Why does SSLsplit sometimes stop on its own? Should not stop. Maybe an SSLsplit issue. Link to comment Share on other sites More sharing options...
Purrball Posted April 10, 2016 Share Posted April 10, 2016 i've been having it stop as well, in under 5 hours of low use, just quits. is there anything in the logs that we can look for to indicate what could be causing it? i've also noticed that when this happens pine ap will show the client with no ip and no hostname, it seems to be causing a larger system crash - or the larger system crash is causing this? need to figure out how to track it down! Link to comment Share on other sites More sharing options...
jermzz Posted April 20, 2016 Share Posted April 20, 2016 Is there certain browser this works better with than others? I got the module installed, and it's capturing connections and displaying them, but I can't get a single sniffed credential. Facebook, Gmail, Hotmail. Tried on safari and chrome with no avail. Even if I click through all the certificate warnings and proceed to the site. Safari won't even let me access https sties regardless. Link to comment Share on other sites More sharing options...
Fuse8499 Posted April 23, 2016 Share Posted April 23, 2016 I'm having trouble capturing credentials as well. It does work to an extent but stops after a few minutes. Probably just needs to be tweaked. Link to comment Share on other sites More sharing options...
Purrball Posted April 25, 2016 Share Posted April 25, 2016 Noticed some odd behavior with the logging when using WiFi Client Mode, if you view it sometimes there will be traffic from an IP that is not connected to pineAP, typically it's *.*.*.111 and I am trying to figure out what / why this might happen. None of the IP's in Networking tab are anything even close. Anybody got ideas? Link to comment Share on other sites More sharing options...
Purrball Posted May 3, 2016 Share Posted May 3, 2016 And I figured out what was causing the above problem - though I cant fix it. When controlling the NANO through the Management interface it starts trying to process the data coming through it. Dont know if that's causing any problems using the module, but it's definitely grabbing stuff that isn't necessary. Might even be causing crashing? Is there any way we could have an interface selection option or possibly force it to only pull info from the AP / bridged interface and not the management AP? I was only able to find this because of the Connected Client module, when I noticed that management AP was going through wlan0-1 and that's where the IP was - but it never shows in the default devices section (for obvious reasons I guess) Link to comment Share on other sites More sharing options...
Whistle Master Posted May 4, 2016 Author Share Posted May 4, 2016 Unfortunately, you can't specifiy the interface used by SSLsplit BUT you can use some NAT rules to redirect the traffic where you want. Link to comment Share on other sites More sharing options...
veggiefish Posted June 8, 2016 Share Posted June 8, 2016 I have installed the dependencies already but: root@rj45:~# sslsplit sslsplit: can't load library 'libevent_openssl-2.0.so.5' Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.