Results 1 to 3 of 3

Thread: Configure SSLstrip to only forward when possible

  1. #1
    Junior Member
    Join Date
    Jun 2010
    Posts
    35

    Default Configure SSLstrip to only forward when possible

    Hello,

    With sslstrip it is possible to use http instead of https on the target machine when possible. However, when this is not possible (some sites do not offer plain http login), I would like sslstrip to ignore them and thus to not forward the traffic with the famous Certificate Warning as a consequence.
    Of course, the password will not be captured then, however, the user will not notice anything strange.

    Would this be possible in any way?

    thanks

  2. #2
    Member Mr-Protocol's Avatar
    Join Date
    Jan 2010
    Location
    Ohio
    Posts
    142

    Default Re: Configure SSLstrip to only forward when possible

    I think you are confused on how SSL Strip works...

    Defeating SSL using SSLStrip (Marlinspike Blackhat) Tutorial

    The way the SSLStrip tool works by:

    1. Does an MITM on the HTTP connection
    2. Replaces all the HTTPS links with HTTP ones but remembers the links which were changed
    3. Communicates with the victim client on an HTTP connection for any secure link
    4. Communicates with the legitimate server over HTTPS for the same secure link
    5. Communication is transparently proxied between the victim client and the legitimate server
    6. Images such as the favicon are replaced by images of the familiar "secure lock" icon, to build trust
    7. As the MITM is taking places all passwords, credentials etc are stolen without the Client knowing

  3. #3
    Junior Member
    Join Date
    Jun 2010
    Posts
    35

    Default

    Thank you for the clarification.

    However, my question remains the same: is it possible to configure SSLstrip to forward a HTTPS link when no plain HTTP link is found.
    This is the case for some sites, which do not support HTTP login.

    I understand how sslstrip works, I just want to know if there is a way to do that. Because when I try out SSLstrip on my own network, I still see the certificate error when connecting to some sites.



    EDIT: Alrightie, I was so stupid to not uncomment the iptables rules in /etc/etter.conf, which are used to sniff https using the fake certificate.

    Sslstrip works nicely now, and if a http connection is not possible, it just gives the https connection.

    Thanks for the answers!
    Last edited by SecureSurfer; 06-03-2010 at 06:15 PM.

Similar Threads

  1. iptables to forward traffic
    By Ninja in forum OLD General IT Discussion
    Replies: 1
    Last Post: 12-16-2009, 02:41 AM
  2. Cant Configure KDM
    By k33bz in forum OLD BackTrack 4 General Support
    Replies: 0
    Last Post: 11-27-2009, 10:10 PM
  3. Replies: 6
    Last Post: 08-22-2008, 09:27 AM
  4. Replies: 3
    Last Post: 03-20-2007, 11:40 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •