Page 5 of 8 FirstFirst ... 34567 ... LastLast
Results 41 to 50 of 79

Thread: [Video] How to: Snifff SSL / HTTPS (sslstrip)

  1. #41
    Just burned his ISO
    Join Date
    Jun 2010
    Posts
    9

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    I also could not get sslstrip to work on Gmail and then a guy in #backtrack-linux told me that the "big" sites have fixes this by forcing SSL.

    I would like this confirmed by someone with connections to maybe the author of sslstrip?

    /zlate

  2. #42
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    I had this working on gmail the other day.

    The problem with gmail is, EACH user has their own setting about HTTP
    use HTTP or FORCE HTTPS - If the user has "force" https, then sslstrip doesnt work.
    *or at least thats how I remember it*
    Have you...g0tmi1k?

  3. #43
    Junior Member
    Join Date
    Apr 2010
    Location
    Sweden
    Posts
    35

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    I can't comprehend how SSLstrip works. Is there any SSL connection at all in this scenario? Is all traffic from the client going to dst port 443 redirected to dst port 80 by the attacker? Maybe it's a bit more sophisticated? I mean, if the server only accepts encrypted traffic, which I really hope PayPal does.. Then this attack should fail.

    That leads me to that the real connection with a certificate and all is established at the attacker. The connection between CLIENT and ATTACKER is unencrypted. The connection between ATTACKER and SERVER is encrypted? Scenario below, (c) stands for cert.

    CLIENT -> ATTACKER (c) -> SERVER (c).

    Can anyone verify?

  4. #44
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    A picture is worth 1000 words....
    Have you...g0tmi1k?

  5. #45
    Just burned his ISO armellagrace's Avatar
    Join Date
    Jul 2010
    Posts
    3

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    I am still a beginner
    I have a problem when running arpsoof,you can help me?


  6. #46
    Senior Member lordplagueis's Avatar
    Join Date
    Jan 2010
    Location
    Virginia
    Posts
    106

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Quote Originally Posted by armellagrace View Post
    I am still a beginner
    I have a problem when running arpsoof,you can help me?

    sometime bt4 names the wireless interface eth1 just issue the #iwconfig command to see what your interface has been named.
    HP DV7
    8GB DDR3
    Core i7-720QM
    Nvidia GeForce GT 320M

    BT5-64bit x WIN7-64bit DualBoot

  7. #47
    Just burned his ISO erdmaennchen's Avatar
    Join Date
    Jul 2010
    Posts
    15

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Use "arpspoof -i INTERFACE GATEWAY".

    E.x.: "arpspoof -i wlan0 192.168.1.1" with this commandline you listen on the whole network instead of one single target.

  8. #48
    Just burned his ISO
    Join Date
    Jun 2008
    Posts
    22

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Hey gotmi1k, I followed your method, and it worked for me. I read you were having problems with ettercap and thats why you use arpspoof.

    I've been doing this without using arpspoof:

    echo 1 ....etc
    iptables ....etc
    ettercap -i wlan0 -Tq -M ARP:REMOTE // // -P autoadd
    sslstrip -p -k -f -l 10000

    My end results seem to be the same using either your method or my method.
    Do you see any advantages of either method?

  9. #49
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Quote Originally Posted by armellagrace View Post
    I am still a beginner
    I have a problem when running arpsoof,you can help me?

    Try
    ifconfig -a. See what interfaces you have.

    Quote Originally Posted by lordplagueis View Post
    sometime bt4 names the wireless interface eth1 just issue the #iwconfig command to see what your interface has been named.
    Do you know any reason why this happens?

    Quote Originally Posted by erdmaennchen View Post
    Use "arpspoof -i INTERFACE GATEWAY".

    E.x.: "arpspoof -i wlan0 192.168.1.1" with this commandline you listen on the whole network instead of one single target.
    Thanks for the hint.
    Some times its better though to target just one client - that way you don't create a bottle neck.
    Could you also do the broadcast address?

    Quote Originally Posted by bbford View Post
    Hey gotmi1k, I followed your method, and it worked for me. I read you were having problems with ettercap and thats why you use arpspoof.

    I've been doing this without using arpspoof:

    echo 1 ....etc
    iptables ....etc
    ettercap -i wlan0 -Tq -M ARP:REMOTE // // -P autoadd
    sslstrip -p -k -f -l 10000

    My end results seem to be the same using either your method or my method.
    Do you see any advantages of either method?
    I just dont like anymore ettercap. I wanted to use alternatives to it, arpspoof is the one I like the most! (=
    There isn't a "right/wrong" way - just the way that works for you. Thanks for the commands that work for you!
    Have you...g0tmi1k?

  10. #50
    Just burned his ISO
    Join Date
    Jun 2010
    Posts
    9

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    I have some wierd test on my gmail account page when i sslstrip it.
    Sickn3ss helped me to set it up as it should work but he haven't sen this before eather.

    Google was not to much help eather, so any ideas are appreciated.




Page 5 of 8 FirstFirst ... 34567 ... LastLast

Similar Threads

  1. Sickness - Password Sniffing with SSLStrip.
    By sickness in forum BackTrack Videos
    Replies: 35
    Last Post: 09-17-2010, 01:16 PM
  2. creating BT4 USB persistent video
    By jimmy in forum Beginners Forum
    Replies: 0
    Last Post: 02-12-2010, 11:45 PM
  3. sslstrip w/ My Wired-Wireless Network
    By MassAppeal in forum Beginners Forum
    Replies: 11
    Last Post: 02-11-2010, 05:56 AM
  4. Video Capture Software
    By sprouty in forum Beginners Forum
    Replies: 4
    Last Post: 01-25-2010, 11:16 AM
  5. sslstrip v0.7
    By Mr-Protocol in forum Tool Requests
    Replies: 2
    Last Post: 01-18-2010, 06:33 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •