Thread: SSLstrip MITM SSL

  1. #1
    Member imported_onryo's Avatar
    Join Date
    Apr 2009
    Posts
    109

    Default SSLstrip MITM SSL - SLOW!

    I got SSLstrip-0.2 up and working with BT4 and it really seems to work. The only thing I don't understand is why on earth the traffic is sooooo darn slow. It takes like 1 min to get into my gmail. Yeah I am getting all the SSL. I am running this on a very fast computer with a USB2 pen. Could it be that I am ARP'n the system to death? Yeah I know it is a proxy but it should not be this slow. Any ideas?
    ---

    # echo "1" > /proc/sys/net/ipv4/ip_forward

    # iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

    # python ./sslstrip.py -p -f -l 8080 (-p only SSL POST, -f favicon)

    # arpspoof -i ath0 -t (target IP) (router IP)

    # cat sslstrip.log | grep (ie my email address etc)


    ---
    A quick look in nano and I could see that all the logs were in a nice order starting with a date. Since I was only looking at SSL POST (-p) and not both https and http (-a), this makes it cleaner and more interesting.

    Best to ya
    onryo
    Let me explain officer, I am not a hacker. I am a security tester of sorts!
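
    The arpspoof step in the command list above is what puts the proxy between the laptop and the router, and it leaves a visible trace in every host's ARP cache. As an added defender's example (not onryo's commands and not part of sslstrip), the Python below compares two snapshots of `arp -n` output and flags the two classic indicators of ARP cache poisoning: the gateway's MAC changing, and one MAC answering for several IPs. The snapshots, addresses and MACs are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample snapshots in Linux `arp -n` format (not captured from the thread).
# Baseline: the gateway and a second host have distinct MAC addresses.
ARP_BASELINE = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.0.1              ether   00:11:22:33:44:01   C                     eth0
192.168.0.20             ether   00:11:22:33:44:20   C                     eth0
"""

# Later snapshot: the gateway IP now resolves to the MAC that also belongs to
# 192.168.0.20, which is what a host poisoning the cache to sit in the path looks like.
ARP_POISONED = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.0.1              ether   00:11:22:33:44:20   C                     eth0
192.168.0.20             ether   00:11:22:33:44:20   C                     eth0
"""

ARP_LINE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+\S+\s+([0-9a-f]{2}(?::[0-9a-f]{2}){5})\b", re.I)


def parse_arp_table(text):
    """Map IP -> lowercased MAC, skipping the header line and incomplete entries."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table


def detect_arp_spoof(baseline, current, gateway_ip):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings = []
    old, new = parse_arp_table(baseline), parse_arp_table(current)
    # Indicator 1: the gateway's MAC changed between the two snapshots.
    if gateway_ip in old and gateway_ip in new and old[gateway_ip] != new[gateway_ip]:
        findings.append(f"gateway {gateway_ip} MAC changed {old[gateway_ip]} -> {new[gateway_ip]}")
    # Indicator 2: a single MAC now claims several IPs (e.g. both gateway and victim).
    by_mac = defaultdict(list)
    for ip, mac in new.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"MAC {mac} claims multiple IPs: {', '.join(sorted(ips))}")
    return findings


if __name__ == "__main__":
    for finding in detect_arp_spoof(ARP_BASELINE, ARP_POISONED, "192.168.0.1"):
        print("ALERT:", finding)
```

    On a real host you would feed it the output of `arp -n` taken at two points in time; a static ARP entry for the gateway on the laptop is the usual mitigation once this fires.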

  2. #2
    Member imported_onryo's Avatar
    Join Date
    Apr 2009
    Posts
    109

    Default SSLstrip - what the hell?

    OK fine, let me rephrase that. Has anybody got SSLstrip working in a MITM that is not slowing down the network close to a standstill? My setup is quite easy.

    WPA2 AES laptop in 802.11n ----->SSLstrip MITM with ath0 on a FAST PC---->D-Link DIR-665 router.

    The laptop will only send in 802.11n. Could that be the prob? Anybody?

    onryo
    Let me explain officer, I am not a hacker. I am a security tester of sorts!

  3. #3
    Member imported_blackfoot's Avatar
    Join Date
    Jun 2007
    Posts
    386

    Default wifi

    I doubt this is an actual mitm.

    You are using wpa (wpa2). It is not really feasible to encode/decode two or more independent streams (two or more computers/laptops) with this encryption.

    It might be that your mitm is not wholly over the wireless network, since you suggest that you are using only one interface. Thus, it is not possible to act simultaneously as a monitor and as an access point.

    So, to conclude, I think the network is slow because of the inefficient rerouting you are attempting to achieve using old code on one interface; you are using a python script which certainly proves a concept yet is unlikely to be fast enough to process real-time complex activity (you need to recode that in C, for example), and you are not splitting the wifi headers to redirect effectively.

    This is not to say that this work is of poor quality. Proving concepts is difficult and I encourage you to continue.

    As a side note I have only found 'C' to be fast enough to handle packet manipulation. However, I have used python to prove concepts before writing the 'C' code and published the outcomes a while ago.

    Mod note: may be best moved to Wireless, too complex for General IT.
    Lux sit

  4. #4
    Member imported_onryo's Avatar
    Join Date
    Apr 2009
    Posts
    109

    Default SSLstrip speed issue.

    Thanks for your quick reply,

    At Black Hat DC 2009 (Feb 16-17) speaker Moxie Marlinspike described a MITM where the “victim” would not be presented with a certificate warning during a MITM attack. I see it more as a vector attack on the SSL protocol. Traffic comes in on port 80 and is redirected to port 8080 where SSLstrip listens. As far as concepts go this would end up high on the list for sure.

    I am using Moxie Marlinspike's software (SSLstrip 0.2). An http (not https) copy is then sent to the victim. A fake favicon of an SSL lock is sent to the victim. The only little detail showing that he is not getting SSL is that the URL will say “http” and not “https”, but the favicon of a lock will be there. It works. I am sniffing all my logins and pw from gmail etc with no certificate warnings presented. You very well might be right about the python speed issue. If this is the case then well, I might just port it into C.

    Just as a side note, I am using madwifi on an AR5001x chip on a very fast PC with a USB2 BT4.

    All the best
    onryo
    Let me explain officer, I am not a hacker. I am a security tester of sorts!

  5. #5
    Just burned his ISO
    Join Date
    Sep 2009
    Posts
    1

    Default

    I have the same problem with this program. I think it's just due to the slowness of Python or its early development stage.

    I also tried setting my web browser's proxy server to localhost:10000 (the port it listens on by default) and it was still slow. Not a lot of CPU, memory, or disk usage though.
