Jump to content
Whistle Master

[Official] SSLsplit

Recommended Posts

root@rj45:/sd/modules/tcpdump/dump# opkg install libevent2-openssl
Package libevent2-openssl (2.0.22-1) installed in sd is up to date.
root@rj45:/sd/modules/tcpdump/dump# sslsplit
sslsplit: can't load library 'libevent_openssl-2.0.so.5'

 

root@rj45:/usr/lib# ls | grep libevent
root@rj45:/usr/lib#


does this currently work for anyone? Can you share your output of above command?

Share this post


Link to post
Share on other sites

Hey

this module seams to work fine on my nano, nice work !

I tried the module on a client with chrome, and with all the major https website, they have hsts and so chrome yells at us that there is an attack ...

So whats the point of this now that HSTS makes it impossible to use... no?

  • Upvote 1

Share this post


Link to post
Share on other sites

@zB0o3z - the module is being updated to include the latest SSLStrip which will work with SHA256 and resolve the issues you are facing above.  

Share this post


Link to post
Share on other sites

@veggiefish, here's output...

/usr/lib# ls | grep libevent
libevent-2.0.so.5
libevent-2.0.so.5.1.10
libevent_core-2.0.so.5
libevent_core-2.0.so.5.1.10
libevent_extra-2.0.so.5
libevent_extra-2.0.so.5.1.10
libevent_openssl-2.0.so.5
libevent_openssl-2.0.so.5.1.10
libevent_pthreads-2.0.so.5
libevent_pthreads-2.0.so.5.1.10

 

Share this post


Link to post
Share on other sites

I start the PineAP and connect my iPhone 5S to the Nano.  I go to the Chrome app and the internet is working fine.  I start SSLsplit.  I then go back to the iPhone 5s and it cannot connect to the internet.  The same thing happened when connecting with the Macbook Pro.  Any Ideas why SSLsplit is stopping access to the internet?  I'm using Windows 7 with the WiFi Pineapple Nano.  Thanks for any help!

Share this post


Link to post
Share on other sites

OK, I reset my Nano and reinstalled SSLsplit.  Everything seems to be working with the internet and everything.  Now, when I turn on SSLsplit, go to like Facebook.com, the page is in plain text.  Is SSLsplit supposed to do this?  Is there a setting I can change to make the facebook page look normal again?  Any help is appreciated.

Share this post


Link to post
Share on other sites

facebook.com, like others, uses HSTS, i had some issues with that and couldn't access anything using sslsplit.

In my case, Chrome just simply block the facebook page saying there is an attack since its not https.

Share this post


Link to post
Share on other sites

Can someone please tell me how secure of a delete is performed when selecting delete on files stored in sslsplit's History tab in Pineapple Nano web interface?

 

Thanks!

Share this post


Link to post
Share on other sites

The SSLSplit module uses 'rm' to delete files:

// api/module.php:325
exec("rm -rf /pineapple/modules/SSLsplit/log/".$this->request->file);

The reason rm isn't secure is best (imo) explained here.

  • Upvote 1

Share this post


Link to post
Share on other sites
5 minutes ago, Foxtrot said:

The SSLSplit module uses 'rm' to delete files:


// api/module.php:325
exec("rm -rf /pineapple/modules/SSLsplit/log/".$this->request->file);

The reason rm isn't secure is best (imo) explained here.

Thanks Foxtrot! I know what to do from here. I appreciate the quick response.

Share this post


Link to post
Share on other sites
On 22/6/2016 at 8:31 AM, zB0o3z said:

facebook.com, like others, uses HSTS, i had some issues with that and couldn't access anything using sslsplit.

In my case, Chrome just simply block the facebook page saying there is an attack since its not https.

is  my case too !    someone has resolved this?  

Share this post


Link to post
Share on other sites

Hello. I'm trying to use SSLSplit module. When it's working and I try to open any HTTPS page (e.g. facebook) from my test laptop I always get an error about wrong SSL certificate of the page in the browser. Is there a workaround to solve it?

Share this post


Link to post
Share on other sites

No, there is no workaround! It´s all about "HSTS" :ph34r:

  • Upvote 2

Share this post


Link to post
Share on other sites

Running into strange behaviors with the current firmware on Tetra. SSLsplit always shows as started even if it's not. I've emptied the page cache, restarted multiple times, it's not checked to autostart and yet it appears to be stuck in the 'started' state. Thought it might be browser cache, but clearing that didnt fix it either.

 

Any thought?

Share this post


Link to post
Share on other sites

Installed on my nano and had a few comments to share or get feedback on. First thanks for the hard work of getting this going, much appreciated for my testing.

1.) Output on the nano seems different from various tutorials I've been watching (maybe they were for SSLStrip though). Output will show me accessing a page but not show my clear text POST data. However if I download my history I can see it right there. This may be as intended, just thought it was worth mentioning. Actually entering the dummy clear text information does have problems that are stated below.

2.)I am currently having problems with it actually working to silently strip SSL. I have test servers with valid SSL certs installed (no HSTS) and it still gives me a security warning on my device connected through PineAP. Big red error about connection not private and cert is invalid. I get the not being able to work on HSTS sites but sites not using that technology I'm still just getting SSL warnings. Is there some other dependency that needs to be installed for this to work? Testing it while tethered to a PC sharing internet connection. Thanks for any feedback.

Share this post


Link to post
Share on other sites

All the certificates and dependency are installed correctly, but when I try to start SSL Split it does not start. Is there something wrong with the configuration (under configuration tab)?

To be honest, I'm new at this. Is there a tutorial on how to use this module? Thanks!

Edited by kevinliu18

Share this post


Link to post
Share on other sites
On 01/01/2017 at 1:37 AM, kevinliu18 said:

All the certificates and dependency are installed correctly, but when I try to start SSL Split it does not start. Is there something wrong with the configuration (under configuration tab)?

To be honest, I'm new at this. Is there a tutorial on how to use this module? Thanks!

It seems that sslsplit binary expects dynamic libs named "libevent_xxx-2.0.so.5" and sadly, libs installed in "/sd/usr/lib/" have a ".5.1.10" suffix:

ldd /sd/bin/sslsplit 
	libssl.so.1.0.0 => /usr/lib/libssl.so.1.0.0 (0x77214000)
	libcrypto.so.1.0.0 => /usr/lib/libcrypto.so.1.0.0 (0x770ae000)
	libevent_openssl-2.0.so.5 => /usr/lib/libevent_openssl-2.0.so.5 (0x7709a000)
	libevent_pthreads-2.0.so.5 => /usr/lib/libevent_pthreads-2.0.so.5 (0x77088000)
	libevent-2.0.so.5 => /usr/lib/libevent-2.0.so.5 (0x7704b000)
	libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77027000)
	libpthread.so.0 => /lib/libpthread.so.0 (0x77001000)
	libc.so.0 => /lib/libc.so.0 (0x76f94000)
	libdl.so.0 => /lib/libdl.so.0 (0x76f80000)
	ld-uClibc.so.0 => /lib/ld-uClibc.so.0 (0x77272000)
ls /sd/usr/lib/
libevent-2.0.so.5.1.10           libevent_extra-2.0.so.5.1.10     libevent_pthreads-2.0.so.5.1.10
libevent_core-2.0.so.5.1.10      libevent_openssl-2.0.so.5.1.10   opkg

 

You can either:

  • remove .5.1.10 suffixes manually
  • create symlinks with proper names in /usr/lib/

second option actually worked for me

Share this post


Link to post
Share on other sites
On 1 de enero de 2017 at 1:37 AM, kevinliu18 said:

All the certificates and dependency are installed correctly, but when I try to start SSL Split it does not start. Is there something wrong with the configuration (under configuration tab)?

To be honest, I'm new at this. Is there a tutorial on how to use this module? Thanks!

The same is happening to me. I can only make it start when installing sslsplit module to internal storage.

However, I dont like this solution, as the generated logs may fill the internal storage.

I also tried to install sslsplit to SD card and then renaming libevent-2.0.so files by removing ".5.1.10" sufrix as explained by Noth, but that didnt work. (module didnt't start).

Would ir be possible to keep this module installed in internal storage and make the logs be stored in SD? (maybe with symbolic links, but I don't know how that can be done)

Any guidance would be much appreciated. Thanks

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...