help with SSLstrip needed

[roonie]

hi guys,

im trying to run sslstrip to capture usernames and passwords on my home network.

everything work fine when i arpspoof it between targets however i have a ddwrt router with is able to redirect http traffic.

i redirect http traffic on the router to ip 192.168.0.117 port 10000 (the attacking machine where sslstrip is running)

redirected it for the network 10.1.1.x (the clients network)

when tested it sslstrip looks like its doing its job and when i go to a page like gmail it is http and not https but when i run ettercap it is not capturing the passwords

also it does not capture it in sslstrip logs

but i am sure that the traffic is going through sslstrip as it is taking the S out of the https and displaying a favicon

anyone??

thanks in advance

[cseven]

try enabling ip forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

or check what value it is at before doing the above:

cat /proc/sys/net/ipv4/ip_forward

[roonie]

Thanks for your reply

I have made sure that ip forwarding is enabled but it does not make a difference

[comaX]

Try running wireshark to make sure packets from your client's network are going through your machine.
What options do you use with sslstrip ?

[roonie]

yes traffic is getting redirected to me on port 10000

im using sslstrip -a -k -f

im not sure if its not working because im not the man in the middle, i've redirect http traffic on my router to go to the attacking machine on port 10000 when a client surfs the internet i can see sslstrip is working but not capturing.

im thinking i might be cause traffic is being redirected to port 10000 going out to the internet but when it comes back from the internet it is not going via the attacking machine.

however when i log into my router from a client machine i am able to capture the http password for that on my attacking machine