Page 12 of 23 FirstFirst ... 2101112131422 ... LastLast
Results 111 to 120 of 222

Thread: Script for sniffing traffic.

  1. #111
    Senior Member ShadowMaster's Avatar
    Join Date
    Jul 2011
    Location
    /root
    Posts
    189

    Default Re: Script for sniffing traffic.

    @ComaX If the FakeSSL is active, all packets forwarded THROUGH you would be decrypted. Also, people clicking through the warnings happens way more often than is comforting.

    @khaos What browser are you using? Some browsers (Chrome...) do not allow non-ssl connections to certain sites.
    World Domination is such an ugly phrase. I prefer the term World Optimization.

  2. #112
    Senior Member ShadowMaster's Avatar
    Join Date
    Jul 2011
    Location
    /root
    Posts
    189

    Default Re: Script for sniffing traffic.

    Why has this site been so screwy lately? Mods please delete...
    Last edited by ShadowMaster; 11-27-2011 at 01:16 AM. Reason: SERIOUSLY!!!!?!??!?!?!

  3. #113
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: Script for sniffing traffic.

    Maybe I have not understand how sslstrip works. I think that sslstrip removes the ssl and the site will be http://gmail.com and not givint a fake ssl certificate to the victim (as cain and abel). So what I have wrong?
    what did you type in to get to the site ?
    If you typed https://... then sslstrip can't do anything. Now if you only typed "gmail.com", then refer tio ShadowMaster's post : in deed chrome will kinda force you to the secrured version.

    If the FakeSSL is active, all packets forwarded THROUGH you would be decrypted. Also, people clicking through the warnings happens way more often than is comforting.
    That's a damn shame for "standard users"... But anyway, it does mean that both sslstrip and ssl dissecting can't be run at the same time, right ? Again, I'm only assuming since I haven't had the chance to test it myself yet
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  4. #114
    Senior Member ShadowMaster's Avatar
    Join Date
    Jul 2011
    Location
    /root
    Posts
    189

    Default Re: Script for sniffing traffic.

    I don't know why you would want both to run at the same time. If you get all unencrypted traffic saved, why bother stripping? And even if for some reason you would want the two running, why would they not be able to run concurrently? SSlStrip will take gmail.com and return http. SSL spoofing will(should? maybe test this out?) take https gmailcom and, with the acceptance of the user, return all unencrypted traffic to you. The user still should see HTTPS gmail. Refer to the SE toolkit for similar attacks. The pentesting with metasploit book clearly shows a user with https getting all his traffic read.
    Incidentally, on the other side of the fence, check this out. Any help would be greatly appreciated. http://www.backtrack-linux.org/forum...ad.php?t=46564
    Last edited by ShadowMaster; 11-27-2011 at 03:21 AM.
    World Domination is such an ugly phrase. I prefer the term World Optimization.

  5. #115
    Just burned his ISO
    Join Date
    Nov 2011
    Posts
    3

    Question Re: Script for sniffing traffic.

    In lines 413 & 422 you have hardcoded "wlan0".

    Is it right?

  6. #116
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: Script for sniffing traffic.

    I'll check, but if it's the case, it surely is yet again another dev mistake, forgot to replace my interface by the variable... Thanks for reporting !

    You were right, it's now fixed !
    Last edited by comaX; 11-29-2011 at 10:26 PM.
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  7. #117
    Just burned his ISO
    Join Date
    Nov 2011
    Posts
    3

    Default Re: Script for sniffing traffic.

    With script running, sites load much much slower. Is it "normal"?

    Also, I can't login to drupal based sites (e.g. drupal.org), but I can login to Joomla ones. Does it has to do with sslstrip or something else?

  8. #118
    Member
    Join Date
    Apr 2010
    Posts
    51

    Default Re: Script for sniffing traffic.

    Hmm I used chrome. So Ok. But I have a question: If our victim goes directly to https://gmail.com (e.g. he types https://) and we set the rule in iptables to get 443-->port of sslstrip... can we sslstrip the victim? Because port 80 is only for HTTP requests. Why we use that port and not 443? Thanks

  9. #119
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: Script for sniffing traffic.

    Because a request to https is made through port 80, while in standard navigation. But if the request is made through port 443, it's already to late.
    As the name sslstrip indicates, it strips the s from https.

    I hope that answers the question, if not, tell and I'll try to be more precise.
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  10. #120
    Member
    Join Date
    Apr 2010
    Posts
    51

    Default Re: Script for sniffing traffic.

    I understood. Thanks for the help. Do you know if the problems with ettercap+sslstrip are fixed?

Page 12 of 23 FirstFirst ... 2101112131422 ... LastLast

Similar Threads

  1. Sniffing SSL Traffic on any application?
    By mortalz in forum Beginners Forum
    Replies: 3
    Last Post: 01-02-2011, 03:36 AM
  2. Replies: 10
    Last Post: 07-12-2010, 03:04 PM
  3. sniffing traffic
    By samer in forum OLD Pentesting
    Replies: 3
    Last Post: 03-27-2009, 01:39 PM
  4. Sniffing traffic between AP and Client.
    By cool_recep in forum OLD Newbie Area
    Replies: 8
    Last Post: 11-11-2008, 09:33 AM
  5. Sniffing Webcam traffic? How to do it?
    By Back|Track_user in forum OLD BackTrack v2.0 Final
    Replies: 2
    Last Post: 12-06-2007, 06:30 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •