Results 1 to 5 of 5

Thread: Replay pcap file and use sslstrip

Hybrid View

  1. #1
    Junior Member creepykrawler's Avatar
    Join Date
    Jan 2010
    Location
    USA
    Posts
    56

    Default Replay pcap file and use sslstrip

    I have not experimented with this yet, but has anyone tried to replay a pcap file with tcpreplay or airtun-ng through loopback or other and redirect to sslstrip? Thanks!

    Perhaps just a change in the iptables:

    iptables -t nat -A OUTPUT -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>
    from
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>

    I guess I have something to play with tomorrow.
    Last edited by Archangel-Amael; 03-26-2010 at 11:01 PM.
    "Failing to plan is planning to fail"

  2. #2
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default Re: Replay pcap file and use sslstrip

    Quote Originally Posted by creepykrawler View Post
    Perhaps just a change in the iptables:

    iptables -t nat -A OUTPUT -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>
    from
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>

    I guess I have something to play with tomorrow.
    Off the top of my head I'd suggest it's not going to work - a capture file will continue to replay with non-stripped packets each time, which kind of defeats what I think you are trying to do.

    The name of the tool has escaped me (stupid non-operational vm system makes it hard to check), but there are tools available to crack SSL if you have the start of the keystream - the part where the user first connected.

    By all means though, check it out, I'd be extremely interested if it actually worked.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  3. #3
    Junior Member Lucifer's Avatar
    Join Date
    Feb 2010
    Posts
    75

    Default Re: Replay pcap file and use sslstrip

    I been wondering the same thing, replaying captured packets through sslstrip an ettercap, but I'm not sure if that would work..? please let me know what the result was.

    thanks, .L

  4. #4
    Just burned his ISO
    Join Date
    Feb 2010
    Location
    Arizona
    Posts
    15

    Default Re: Replay pcap file and use sslstrip

    Replaying your .cap via sslstrip will not work. SSLstrip requires the client to be passed a certificate that you've rooted (you know the private key, in the keypair)...

    This is interesting regarding the comments of ssl decryption, so long as you have the initial key/pki negotiation... older versions of ethereal/wireshark had options for ssl traffic decryption, as opposed to the "rsa key list", and "debug" file. Does anyone have information/tools they'd like to share with respect to "off-line" ssl decryptions?

    best,

    J

  5. #5
    Member dustyboner's Avatar
    Join Date
    Jan 2010
    Posts
    98

    Default Re: Replay pcap file and use sslstrip

    Try ssldump

Similar Threads

  1. [Video] How to: Snifff SSL / HTTPS (sslstrip)
    By g0tmi1k in forum BackTrack Videos
    Replies: 78
    Last Post: 04-12-2011, 12:57 AM
  2. Sickness - Password Sniffing with SSLStrip.
    By sickness in forum BackTrack Videos
    Replies: 35
    Last Post: 09-17-2010, 01:16 PM
  3. Packet Replay Problem
    By Blind-Summit in forum Beginners Forum
    Replies: 1
    Last Post: 04-30-2010, 08:48 PM
  4. problems with arpspoof, sslstrip, ettercap
    By username324 in forum Beginners Forum
    Replies: 9
    Last Post: 03-12-2010, 12:02 AM
  5. sslstrip v0.7
    By Mr-Protocol in forum Tool Requests
    Replies: 2
    Last Post: 01-18-2010, 06:33 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •