Replay pcap file and use sslstrip
I have not experimented with this yet, but has anyone tried to replay a pcap file with tcpreplay or airtun-ng through loopback or other and redirect to sslstrip? Thanks!
Perhaps just a change in the iptables:
iptables -t nat -A OUTPUT -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>
from
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>
I guess I have something to play with tomorrow. :)
Re: Replay pcap file and use sslstrip
Quote: Originally Posted by creepykrawler
Perhaps just a change in the iptables:
iptables -t nat -A OUTPUT -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>
from
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>
I guess I have something to play with tomorrow. :)
Off the top of my head I'd suggest it's not going to work - a capture file will continue to replay with non-stripped packets each time, which kind of defeats what I think you are trying to do.
The name of the tool has escaped me (stupid non-operational vm system makes it hard to check), but there are tools available to crack SSL if you have the start of the keystream - the part where the user first connected.
By all means though, check it out, I'd be extremely interested if it actually worked.
Re: Replay pcap file and use sslstrip
I've been wondering the same thing, replaying captured packets through sslstrip and ettercap, but I'm not sure if that would work. Please let me know what the result was.
thanks, .L
Re: Replay pcap file and use sslstrip
Replaying your .cap via sslstrip will not work. SSLstrip requires the client to be passed a certificate that you've rooted (you know the private key, in the keypair)...
This is interesting regarding the comments of ssl decryption, so long as you have the initial key/pki negotiation... older versions of ethereal/wireshark had options for ssl traffic decryption, as opposed to the "rsa key list", and "debug" file. Does anyone have information/tools they'd like to share with respect to "off-line" ssl decryptions?
best,
J
Re: Replay pcap file and use sslstrip