Jump to content

[Official] SSLsplit


Whistle Master

Recommended Posts

  • Replies 139
  • Created
  • Last Reply

root@rj45:/sd/modules/tcpdump/dump# opkg install libevent2-openssl
Package libevent2-openssl (2.0.22-1) installed in sd is up to date.
root@rj45:/sd/modules/tcpdump/dump# sslsplit
sslsplit: can't load library 'libevent_openssl-2.0.so.5'

 

root@rj45:/usr/lib# ls | grep libevent
root@rj45:/usr/lib#


does this currently work for anyone? Can you share your output of above command?

Link to comment
Share on other sites

Hey

this module seams to work fine on my nano, nice work !

I tried the module on a client with chrome, and with all the major https website, they have hsts and so chrome yells at us that there is an attack ...

So whats the point of this now that HSTS makes it impossible to use... no?

Link to comment
Share on other sites

@veggiefish, here's output...

/usr/lib# ls | grep libevent
libevent-2.0.so.5
libevent-2.0.so.5.1.10
libevent_core-2.0.so.5
libevent_core-2.0.so.5.1.10
libevent_extra-2.0.so.5
libevent_extra-2.0.so.5.1.10
libevent_openssl-2.0.so.5
libevent_openssl-2.0.so.5.1.10
libevent_pthreads-2.0.so.5
libevent_pthreads-2.0.so.5.1.10

 

Link to comment
Share on other sites

I start the PineAP and connect my iPhone 5S to the Nano.  I go to the Chrome app and the internet is working fine.  I start SSLsplit.  I then go back to the iPhone 5s and it cannot connect to the internet.  The same thing happened when connecting with the Macbook Pro.  Any Ideas why SSLsplit is stopping access to the internet?  I'm using Windows 7 with the WiFi Pineapple Nano.  Thanks for any help!

Link to comment
Share on other sites

OK, I reset my Nano and reinstalled SSLsplit.  Everything seems to be working with the internet and everything.  Now, when I turn on SSLsplit, go to like Facebook.com, the page is in plain text.  Is SSLsplit supposed to do this?  Is there a setting I can change to make the facebook page look normal again?  Any help is appreciated.

Link to comment
Share on other sites

facebook.com, like others, uses HSTS, i had some issues with that and couldn't access anything using sslsplit.

In my case, Chrome just simply block the facebook page saying there is an attack since its not https.

Link to comment
Share on other sites

  • 3 weeks later...
5 minutes ago, Foxtrot said:

The SSLSplit module uses 'rm' to delete files:


// api/module.php:325
exec("rm -rf /pineapple/modules/SSLsplit/log/".$this->request->file);

The reason rm isn't secure is best (imo) explained here.

Thanks Foxtrot! I know what to do from here. I appreciate the quick response.

Link to comment
Share on other sites

On 22/6/2016 at 8:31 AM, zB0o3z said:

facebook.com, like others, uses HSTS, i had some issues with that and couldn't access anything using sslsplit.

In my case, Chrome just simply block the facebook page saying there is an attack since its not https.

is  my case too !    someone has resolved this?  

Link to comment
Share on other sites

  • 3 weeks later...

Hello. I'm trying to use SSLSplit module. When it's working and I try to open any HTTPS page (e.g. facebook) from my test laptop I always get an error about wrong SSL certificate of the page in the browser. Is there a workaround to solve it?

Link to comment
Share on other sites

  • 1 month later...
  • 4 weeks later...

Running into strange behaviors with the current firmware on Tetra. SSLsplit always shows as started even if it's not. I've emptied the page cache, restarted multiple times, it's not checked to autostart and yet it appears to be stuck in the 'started' state. Thought it might be browser cache, but clearing that didnt fix it either.

 

Any thought?

Link to comment
Share on other sites

Installed on my nano and had a few comments to share or get feedback on. First thanks for the hard work of getting this going, much appreciated for my testing.

1.) Output on the nano seems different from various tutorials I've been watching (maybe they were for SSLStrip though). Output will show me accessing a page but not show my clear text POST data. However if I download my history I can see it right there. This may be as intended, just thought it was worth mentioning. Actually entering the dummy clear text information does have problems that are stated below.

2.)I am currently having problems with it actually working to silently strip SSL. I have test servers with valid SSL certs installed (no HSTS) and it still gives me a security warning on my device connected through PineAP. Big red error about connection not private and cert is invalid. I get the not being able to work on HSTS sites but sites not using that technology I'm still just getting SSL warnings. Is there some other dependency that needs to be installed for this to work? Testing it while tethered to a PC sharing internet connection. Thanks for any feedback.

Link to comment
Share on other sites

  • 1 month later...
  • 1 month later...

All the certificates and dependency are installed correctly, but when I try to start SSL Split it does not start. Is there something wrong with the configuration (under configuration tab)?

To be honest, I'm new at this. Is there a tutorial on how to use this module? Thanks!

Link to comment
Share on other sites

On 01/01/2017 at 1:37 AM, kevinliu18 said:

All the certificates and dependency are installed correctly, but when I try to start SSL Split it does not start. Is there something wrong with the configuration (under configuration tab)?

To be honest, I'm new at this. Is there a tutorial on how to use this module? Thanks!

It seems that sslsplit binary expects dynamic libs named "libevent_xxx-2.0.so.5" and sadly, libs installed in "/sd/usr/lib/" have a ".5.1.10" suffix:

ldd /sd/bin/sslsplit 
	libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x77214000)
	libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x770ae000)
	libevent_openssl-2.0.so.5 => /usr/lib/libevent_openssl-2.0.so.5 (0x7709a000)
	libevent_pthreads-2.0.so.5 => /usr/lib/libevent_pthreads-2.0.so.5 (0x77088000)
	libevent-2.0.so.5 => /usr/lib/libevent-2.0.so.5 (0x7704b000)
	libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77027000)
	libpthread.so.0 => /lib/libpthread.so.0 (0x77001000)
	libc.so.0 => /lib/libc.so.0 (0x76f94000)
	libdl.so.0 => /lib/libdl.so.0 (0x76f80000)
	ld-uClibc.so.0 => /lib/ld-uClibc.so.0 (0x77272000)
ls /sd/usr/lib/
libevent-2.0.so.5.1.10           libevent_extra-2.0.so.5.1.10     libevent_pthreads-2.0.so.5.1.10
libevent_core-2.0.so.5.1.10      libevent_openssl-2.0.so.5.1.10   opkg

 

You can either:

  • remove .5.1.10 suffixes manually
  • create symlinks with proper names in /usr/lib/

second option actually worked for me

Link to comment
Share on other sites

  • 1 month later...
On 1 de enero de 2017 at 1:37 AM, kevinliu18 said:

All the certificates and dependency are installed correctly, but when I try to start SSL Split it does not start. Is there something wrong with the configuration (under configuration tab)?

To be honest, I'm new at this. Is there a tutorial on how to use this module? Thanks!

The same is happening to me. I can only make it start when installing sslsplit module to internal storage.

However, I dont like this solution, as the generated logs may fill the internal storage.

I also tried to install sslsplit to SD card and then renaming libevent-2.0.so files by removing ".5.1.10" sufrix as explained by Noth, but that didnt work. (module didnt't start).

Would ir be possible to keep this module installed in internal storage and make the logs be stored in SD? (maybe with symbolic links, but I don't know how that can be done)

Any guidance would be much appreciated. Thanks

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...