Jump to content
Hak5 Forums
SP2005

Can't start SSLsplit

Recommended Posts

I have installed the module SSLsplit v1.2 and its dependencies.

Each time I click Start it says "Starting.." and the goes back to Start, like it did not start.

Anyone knows what to do here ?

 

Share this post


Link to post
Share on other sites

Sounds like something isn't working under the hood.

 Ssh into your pineapple and run ssl split on the command line to see if it's even starting up.

 

good chance it's the log directory not existing (https://github.com/hak5/wifipineapple-modules/pull/18)

A quick fix may be to ssh into your pineapple and do "mkdir /pineapple/modules/SSLsplit/log"

 

 

Share this post


Link to post
Share on other sites

 At me too the module is launched only with the second attempt. I installed on the SD card - it turned out ok. But the browsers check the root certificate, so you will not cheat anyone.

Share this post


Link to post
Share on other sites
34 minutes ago, trashbo4t said:

Yea I would réserve this attack for mobile devices

Browsers for mobile devices also check root certificates.

Share this post


Link to post
Share on other sites
Just now, art445 said:

Browsers for mobile devices also check root certificates.

Yes, but a user on mobile is more likely to ignore the warning (at least in my experience).

 

Share this post


Link to post
Share on other sites
2 hours ago, trashbo4t said:

Yes, but a user on mobile is more likely to ignore the warning (at least in my experience).

 

Very doubtful hope. I can not log into Facebook  from a smartphone (if enabled SSLsplit) - there's just no such option and there is a warning .

Share this post


Link to post
Share on other sites
1 minute ago, art445 said:

Very doubtful hope. I can not log into Facebook  from a smartphone (if enabled SSLsplit) - there's just no such option and there is a warning .

Perhaps we need a module that can replicate the server.
Essentially an attacker would need to sit in between the session with access to decryption capabilities.

I imagine although, this is near impossible. I also do not understand the handshake well enough to know how keys are exchanged.

We would need some sort of passive/injection technique to trick a client into thinking the pineapple is the server.

Share this post


Link to post
Share on other sites
1 hour ago, trashbo4t said:

Perhaps we need a module that can replicate the server.
Essentially an attacker would need to sit in between the session with access to decryption capabilities.

I imagine although, this is near impossible. I also do not understand the handshake well enough to know how keys are exchanged.

We would need some sort of passive/injection technique to trick a client into thinking the pineapple is the server.

You can not fool the browser from the middle. He has a list of trusted certificate publishers. If he receives a certificate from an unknown publisher, he immediately swears. Everything else, the details of the handshake exchange, etc., do not matter.

Share this post


Link to post
Share on other sites
9 minutes ago, art445 said:

You can not fool the browser from the middle. He has a list of trusted certificate publishers. If he receives a certificate from an unknown publisher, he immediately swears. Everything else, the details of the handshake exchange, etc., do not matter.

Challenge accepted!

 

  • Like 1

Share this post


Link to post
Share on other sites

Somehow the module works just fine now. It's starting as it should do.

Share this post


Link to post
Share on other sites
1 hour ago, SP2005 said:

Somehow the module works just fine now. It's starting as it should do.

Can you see any log output?

Share this post


Link to post
Share on other sites
17 minutes ago, trashbo4t said:

Can you see any log output?

If the module works for a long time, then a log is created. I saw the log, but I did not see any benefit from this log. The client detects the surveillance during the first call on the https protocol. This circumstance depreciates the entire attack.

Share this post


Link to post
Share on other sites
5 minutes ago, art445 said:

If the module works for a long time, then a log is created. I saw the log, but I did not see any benefit from this log. The client detects the surveillance during the first call on the https protocol. This circumstance depreciates the entire attack.

Glad to hear it runs, sslsplit seems to be an outdated vector though.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×