[Video] How to: Snifff SSL / HTTPS (sslstrip)

[zlate]

I also could not get sslstrip to work on Gmail and then a guy in #backtrack-linux told me that the "big" sites have fixes this by forcing SSL.

I would like this confirmed by someone with connections to maybe the author of sslstrip?

/zlate

[g0tmi1k]

I had this working on gmail the other day.

The problem with gmail is, EACH user has their own setting about HTTP
use HTTP or FORCE HTTPS - If the user has "force" https, then sslstrip doesnt work.
*or at least thats how I remember it*

[randalth0r]

I can't comprehend how SSLstrip works. Is there any SSL connection at all in this scenario? Is all traffic from the client going to dst port 443 redirected to dst port 80 by the attacker? Maybe it's a bit more sophisticated? I mean, if the server only accepts encrypted traffic, which I really hope PayPal does.. Then this attack should fail.

That leads me to that the real connection with a certificate and all is established at the attacker. The connection between CLIENT and ATTACKER is unencrypted. The connection between ATTACKER and SERVER is encrypted? Scenario below, (c) stands for cert.

CLIENT -> ATTACKER (c) -> SERVER (c).

Can anyone verify?

[g0tmi1k]

A picture is worth 1000 words....

[armellagrace]

I am still a beginner
I have a problem when running arpsoof,you can help me?

[lordplagueis]

I am still a beginner
I have a problem when running arpsoof,you can help me?

sometime bt4 names the wireless interface eth1 just issue the #iwconfig command to see what your interface has been named.

[erdmaennchen]

Use "arpspoof -i INTERFACE GATEWAY".

E.x.: "arpspoof -i wlan0 192.168.1.1" with this commandline you listen on the whole network instead of one single target.

[bbford]

Hey gotmi1k, I followed your method, and it worked for me. I read you were having problems with ettercap and thats why you use arpspoof.

I've been doing this without using arpspoof:

echo 1 ....etc
iptables ....etc
ettercap -i wlan0 -Tq -M ARP:REMOTE // // -P autoadd
sslstrip -p -k -f -l 10000

My end results seem to be the same using either your method or my method.
Do you see any advantages of either method?

[g0tmi1k]

I am still a beginner
I have a problem when running arpsoof,you can help me?

Try
ifconfig -a. See what interfaces you have.

sometime bt4 names the wireless interface eth1 just issue the #iwconfig command to see what your interface has been named.

Do you know any reason why this happens?

Use "arpspoof -i INTERFACE GATEWAY".

E.x.: "arpspoof -i wlan0 192.168.1.1" with this commandline you listen on the whole network instead of one single target.

Thanks for the hint.
Some times its better though to target just one client - that way you don't create a bottle neck.
Could you also do the broadcast address?

Hey gotmi1k, I followed your method, and it worked for me. I read you were having problems with ettercap and thats why you use arpspoof.

I've been doing this without using arpspoof:

echo 1 ....etc
iptables ....etc
ettercap -i wlan0 -Tq -M ARP:REMOTE // // -P autoadd
sslstrip -p -k -f -l 10000

My end results seem to be the same using either your method or my method.
Do you see any advantages of either method?

I just dont like anymore ettercap. I wanted to use alternatives to it, arpspoof is the one I like the most! (=
There isn't a "right/wrong" way - just the way that works for you. Thanks for the commands that work for you!

[zlate]

I have some wierd test on my gmail account page when i sslstrip it.
Sickn3ss helped me to set it up as it should work but he haven't sen this before eather.

Google was not to much help eather, so any ideas are appreciated.