Results 1 to 10 of 12

Thread: sslstrip on proxied network

  1. #1
    Junior Member | Join Date: May 2008 | Posts: 35

    sslstrip on proxied network

    I'm on a network which has all traffic forwarded to the internet via a Squid proxy, i.e. port 3128. I tried running sslstrip but it fails, raising several errors. So has anyone ever got sslstrip to work under such a network topology?
    I'm guessing sslstrip only works on port 80 or 443? Please let me know if anyone's got it working.

  2. #2
    Gitsnik (Very good friend of the forum) | Join Date: Jan 2010 | Location: The Crystal Wind | Posts: 851

    Yes, I have - with some extra scripts to deal with caveats.

    There are a few things to consider, how the proxy is implemented, authentication, authorisation, ports, firewalls and the like.

    So how is your squid box set up?
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  3. #3
    Junior Member | Join Date: Jan 2010 | Location: Canada | Posts: 84

    inb4 fport.

  4. #4
    Junior Member | Join Date: May 2008 | Posts: 35

    > Originally posted by Gitsnik:
    > Yes, I have - with some extra scripts to deal with caveats.
    >
    > There are a few things to consider, how the proxy is implemented, authentication, authorisation, ports, firewalls and the like.
    >
    > So how is your squid box set up?

    Well, from what I have seen the setup is more or less like this.

    All the computers are given a static C-class address, no gateway is configured, and the web browser is configured to use the IP 192.168.10.1 on port 3128 as proxy; no authentication as such is required.

    Hope this helps. What other scripts have you used along with sslstrip to get it to work?

  5. #5
    Gitsnik (Very good friend of the forum) | Join Date: Jan 2010 | Location: The Crystal Wind | Posts: 851

    > Originally posted by Cryptid:
    > Well, from what I have seen the setup is more or less like this

    Sorry mate, illegality is not my thing.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  6. #6
    Junior Member | Join Date: May 2008 | Posts: 35

    > Originally posted by Gitsnik:
    > Sorry mate, illegality is not my thing.

    Don't worry, it isn't... The network topology I am referring to here is my college network. We are trying to get our principal to pump in some funds for developing our infosec classes & labs, so basically a team has been set up (students and faculty included) by the department head to run a pentest, show all the current vulnerabilities, and show the principal the importance of the subject. We have achieved success in quite a few different areas, but there is nothing like showing clear-text passwords travelling on the network, when you expect the data to be encrypted, to a layman (my principal is from a civil engg background, so no harm in calling him a layman).

  7. #7
    Gitsnik (Very good friend of the forum) | Join Date: Jan 2010 | Location: The Crystal Wind | Posts: 851

    > Originally posted by Cryptid:
    > Don't worry, it isn't... The network topology I am referring to here is my college network. We are trying to get our principal to pump in some funds for developing our infosec classes & labs, so basically a team has been set up (students and faculty included) by the department head to run a pentest, show all the current vulnerabilities, and show the principal the importance of the subject. We have achieved success in quite a few different areas, but there is nothing like showing clear-text passwords travelling on the network, when you expect the data to be encrypted, to a layman (my principal is from a civil engg background, so no harm in calling him a layman).

    Get a copy of the topology from the admin; it will make it easier. Pop a meterpreter onto the head's machine, set him up with a console and show him how easy it is to sniff his keystrokes, then get him to log into his footy tipping or whatever - that way he can see the passwords, and you don't have to worry about the network so much.

    Detail how you got admin access on his machine if necessary.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  8. #8
    Junior Member | Join Date: May 2008 | Posts: 35

    > Originally posted by Gitsnik:
    > Get a copy of the topology from the admin; it will make it easier. Pop a meterpreter onto the head's machine, set him up with a console and show him how easy it is to sniff his keystrokes, then get him to log into his footy tipping or whatever - that way he can see the passwords, and you don't have to worry about the network so much.
    >
    > Detail how you got admin access on his machine if necessary.

    Done!

    Did an ARP poison, looked for interesting GET requests that ended with .exe, then did a 301 redirect HTTP injection, deployed a binary meterpreter file and rooted the box.

    Anyway, getting back to stripping SSL security, what additional scripts did you use?

  9. #9
    Gitsnik (Very good friend of the forum) | Join Date: Jan 2010 | Location: The Crystal Wind | Posts: 851

    > Originally posted by Cryptid:
    > Anyway, getting back to stripping SSL security, what additional scripts did you use?

    Custom written. You need to account for how a proxy works, thief the proxy connection and work from there.

    It's a lot more complex than a standard "I'm intercepting this port and stripping SSL", but not as difficult as it initially seems.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
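The downgrade being discussed in this thread only succeeds when the browser is willing to follow http:// links for a site it should be reaching over HTTPS; the server-side control that removes that willingness is the Strict-Transport-Security (HSTS) header, which a browser honours for a host it has previously seen over a clean HTTPS connection (or that is on the preload list). On a topology like the one Cryptid describes, with browsers pointed at an explicit proxy on port 3128, the header still reaches the browser through the proxy's CONNECT tunnel, so the same check applies. The following checker is an added example, not code from this thread, from sslstrip or from Gitsnik's scripts; the sample responses are constructed, and the one-year minimum for max-age is an assumed threshold taken from common hardening guidance.

```python
"""Added example (not from the thread, not sslstrip code): evaluate the
Strict-Transport-Security policy carried by a raw HTTP response.

A browser holding a valid HSTS policy for a host refuses to load it over
plain http://, which is the downgrade an SSL-stripping proxy depends on.
The one-year minimum below is an assumption from common hardening guidance."""
import re

MIN_MAX_AGE = 31536000  # assumed threshold: one year, the usual minimum recommendation


def parse_headers(raw):
    """Split a raw HTTP response into a dict keyed by lower-cased header name.
    The status line and any body are dropped."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def parse_hsts(value):
    """Parse the directives of an HSTS header value (case-insensitive names)."""
    parsed = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        key = key.lower()
        if key == "max-age":
            m = re.fullmatch(r'"?(\d+)"?', val.strip())
            if m:
                parsed["max_age"] = int(m.group(1))
        elif key == "includesubdomains":
            parsed["include_subdomains"] = True
        elif key == "preload":
            parsed["preload"] = True
    return parsed


def evaluate_hsts(raw_response, over_tls=True):
    """Return the parsed policy plus a verdict string.

    over_tls=False models a response received over plain HTTP, where browsers
    ignore the header entirely (the policy must arrive over HTTPS)."""
    headers = parse_headers(raw_response)
    value = headers.get("strict-transport-security")
    result = {"present": value is not None, "max_age": None,
              "include_subdomains": False, "preload": False}
    if value is None:
        result["verdict"] = "missing: nothing stops an http:// downgrade on the next visit"
        return result
    result.update(parse_hsts(value))
    if not over_tls:
        result["verdict"] = "ignored: HSTS is only honoured on HTTPS responses"
    elif result["max_age"] is None:
        result["verdict"] = "invalid: no max-age, browsers discard the header"
    elif result["max_age"] == 0:
        result["verdict"] = "disabled: max-age=0 clears any stored policy"
    elif result["max_age"] < MIN_MAX_AGE:
        result["verdict"] = "weak: max-age shorter than one year"
    elif not result["include_subdomains"]:
        result["verdict"] = "partial: subdomains not covered"
    else:
        result["verdict"] = "ok"
    return result


# Constructed sample responses (not captured from any real host).
SAMPLE_GOOD = ("HTTP/1.1 200 OK\r\n"
               "Strict-Transport-Security: max-age=63072000; includeSubDomains; preload\r\n"
               "Content-Type: text/html\r\n\r\n<html></html>")
SAMPLE_WEAK = ("HTTP/1.1 200 OK\r\n"
               "Strict-Transport-Security: max-age=300\r\n\r\n")
SAMPLE_MISSING = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    for name, sample in [("good", SAMPLE_GOOD), ("weak", SAMPLE_WEAK),
                         ("missing", SAMPLE_MISSING)]:
        print(name, "->", evaluate_hsts(sample)["verdict"])
```

The check has one caveat a defender should keep in mind: HSTS protects a host only after the browser has stored its policy, so the very first visit over plain HTTP is still exposed unless the host is on the browser preload list. That is what the `preload` directive and the public preload submission exist for.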

  10. #10
    Junior Member | Join Date: May 2008 | Posts: 35

    > Originally posted by Gitsnik:
    > Custom written. You need to account for how a proxy works, thief the proxy connection and work from there.
    >
    > It's a lot more complex than a standard "I'm intercepting this port and stripping SSL", but not as difficult as it initially seems.

    Will you please share your scripts?
