Doing a ssl sniff on a lan

[Mutchako]

I`m trying to run sslsniff over a lan that have internet access only by proxy.
When i run sslsniff, he tries to connect to aus2.mozilla.org and versioncheck.addons.mozilla.org without success.

"This occurs because Firefox and Thunderbird depend on their TLS connection to the update server to defend them against all possible attacks." According to Moxie Marlinspike at Defcon 17.

I checked the source and found this lines:

UpdateManager.cpp
...
#define UPDATE_ADDRESS "aus2.mozilla.org"
#define ADDONS_ADDRESS "versioncheck.addons.mozilla.org"
...

This feature was included to allow sslniff to hijack auto-updates from FF/TB.

My problem is: I have a organization that only uses IE6/7/8 and have internet access only by proxy. So i want to run sslsniff but i don't know how to run it without FF's hijack feature or to allow sslsniff to connect to *.mozilla.org by proxy.

I also tried to run ettercap, but he only works with some web services like gmail, yahoo etc.

I'm trying to sniff a proprietary solution (web login). I think this is the why i don't have success with ettercap.

If anyone had the same problem or know how i can do that (ssl sniff on lan) please reply.

Ps: I tried sslstrip, but the site don't have http version or automatic redirection (like http://www.google.com/accounts/ redirects automatically to https://www.google.com/accounts/). When i use i receive a 404 error.

Any other idea ?!?!

Ps2: sorry for my bad english.

[espreto]

What methods you are using in practice?
Take a look at arpspoof + ettercap + sslstrip.

See also here:

http://www.backtrack-linux.org/forum...-urlsnarf.html

Regards,

[Mutchako]

Thanks for the reply, but like I said in the first Ps, sslstrip doesn't
works for me because the site that i want to apply has no http to https redirection.