Results 1 to 4 of 4

Thread: Parsing SSLStrip with definitions.sslstrip in easy-cred

Hybrid View

  1. #1
    Senior Member
    Join Date
    Dec 2010
    Posts
    127

    Default Parsing SSLStrip with definitions.sslstrip in easy-cred

    I have seen a many posts about parsing through all the data in SSLStrip to find the usernames and passwords. I created easy-creds a while back and it has an SSLStrip parser built into it. However, the definitions.sslstrip file that comes with the download is meant to be edited as new values for sites are found. I tried to include a good number of common sites, but it is not completely comprehensive.

    If you look at the file it is easy to see what values need to be included. Sometimes it does spit back garbage (like for twitter). But that is easy to change.

    Here's how I do it:
    Browse to the login page
    Fire up tamper
    Put in username/password and login
    Verify the values in tamper that contain the login info
    Add those to the definitions file

    For example:
    www.concursolutions.com has a username value of "userid" and a password value of "password"

    So in your definitions you would add:
    concursolutions.com userid= password=

    You can add another value if you like just to make sure the parsing can verify it only from that site. Such as logindomain=

    The parser will then verify all 4 values exists, if they don't it won't return anything.

    I am hoping that people will continue to add to the definitions.sslstrip file and that it can grow stronger. Please feel free to post new sites here...I'll check it out every so often and add them to the base.

    Also, if you don't want to use easy-creds, you can cut/paste the parsing function out if it into its own bash file and run it standalone. All the code is there you just have to add the necessary #!/bin/bash and save it.

    Happy hunting
    J0hnnyBr@v0

  2. #2
    Just burned his ISO jacko's Avatar
    Join Date
    Jan 2011
    Posts
    13

    Default Re: Parsing SSLStrip with definitions.sslstrip in easy-cred

    you can use ettercap to parse.. it does a pretty good job default

    the thing with sslstrip 0.9 is it still doesn't strip newegg.com.. I was going over moxies code and trying to get it to work

  3. #3
    Senior Member
    Join Date
    Dec 2010
    Posts
    127

    Default Re: Parsing SSLStrip with definitions.sslstrip in easy-cred

    Quote Originally Posted by jacko View Post
    you can use ettercap to parse.. it does a pretty good job default

    the thing with sslstrip 0.9 is it still doesn't strip newegg.com.. I was going over moxies code and trying to get it to work
    They work in tandem to catch as much traffic as possible.

    As I say in the easy-creds code...remember to check ALL sources. SSLStrip, ettercap & dsniff and that's why I built the parsing into it.

    Never trust a single source... ;-)

  4. #4
    Senior Member
    Join Date
    Dec 2010
    Posts
    127

    Default Re: Parsing SSLStrip with definitions.sslstrip in easy-cred

    Well if the newegg cookie has 'secure' as an attribute, then sslstrip most likely wont work and ettercap will kick in to offer a fake SSL cert. If that cert is accepted then it'll show up in the ettercap window.

    To setup newegg in the SSLStrip parser for easy-creds just add this line to the end of the definitions.ssltrip file and hit enter:
    NewEgg IsValidate= UserName UserPwd

    That should be enough for the parser to grab the new egg login info if you run it against the SSLStrip logs.

    Happy Hunting!

Similar Threads

  1. Parsing SSLStrip with definitions.sslstrip in easy-cred
    By ericmilam in forum BackTrack 5 Beginners Section
    Replies: 0
    Last Post: 05-31-2011, 08:39 PM
  2. sslstrip help
    By rogue040 in forum OLD BackTrack 4 Software Related Issues
    Replies: 0
    Last Post: 03-29-2010, 02:42 AM
  3. sslstrip v0.7
    By Mr-Protocol in forum Tool Requests
    Replies: 2
    Last Post: 01-18-2010, 06:33 AM
  4. sslstrip
    By muminrz in forum OLD BT4 Feature Requests
    Replies: 1
    Last Post: 02-28-2009, 03:25 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •