Thread: sslstrip -> proxychains -> squid --> odd behavior (at least for me)

  1. #1
    Just burned his ISO
    Join Date
    Mar 2011
    Location
    romagna
    Posts
    2

    Hi all,
    I've already read some posts in this forum about these tools working together, but I got an unintended result.

    Here is my setup with the mentioned tools on the same host:

    iptables :
    Code:
    iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 666
    proxychains.conf:
    Code:
    http thishost 3128
    squid-cache 3.0 as a transparent proxy; the rest of the squid.conf file is unchanged except:
    Code:
    http_port 3128 transparent
    and except the http_access rules.

    Code:
    proxychains sslstrip -l 666
    I tried to use sslstrip "piped" to a squid transparent proxy (on the same evil host) when doing a MITM attack with the ARPSPOOF method in a LAN.
    Why squid? Well, the next step will be to modify HTML content on the fly through squid and an ICAP server.

    It doesn't work as I expect.

    Squid duplicates every request to the same site, to port 80 and then to port 443.
    It seems squid tries to get the requested HTTP content from a site by contacting it on port 80 and then on port 443, as if it were in doubt about the nature (HTTP or HTTPS) of the traffic it has to manage.

    Code:
    [S-chain] -<>- myhost:3128 -<><>- 1.2.3.4:80-<--denied
    [S-chain] -<>- myhost:3128 -<><>- 1.2.3.4:443-<><>-OK
    And in fact I got connections only to hosts accepting HTTPS connections!
    I.e. trying to get google.com, I got encrypted.google.com

    I tested all chain components individually and they work correctly.

    Does proxychains tunnel via ssh all the traffic caught by sslstrip?

    P.S.: I reversed this chain and tried to proxify squid, but proxychains detached the squid process immediately, as the strace command reports.

    Thanks in advance.

  2. #2
    Junior Member
    Join Date
    Jan 2010
    Posts
    40

    Very interesting use of Proxychains and SSLSTRIP. Have you been successful without the SQUID proxy?

    Also, wouldn't iptables need to be run on the remote server?

    Be interesting if you can achieve SSL Strip remotely.

  3. #3
    Just burned his ISO
    Join Date
    Mar 2011
    Location
    romagna
    Posts
    2

    Sorry, remotely? What do you mean?
    I used proxychains only to redirect sslstrip traffic through squid because they're on the same machine.

    Sslstrip without squid works well, but at the moment I haven't tried to proxychain sslstrip to anything other than squid to check how it behaves, and I'm wondering how I can do this. Maybe proxychain sslstrip to a different machine and simply listen on a specific port and watch the traffic?

  4. #4
    Junior Member
    Join Date
    Jan 2010
    Posts
    40

    Remotely, as in SSH into a remote network and then use proxychains to sslstrip the remote network.
