Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: sslstrip does nothing

  1. #1
    Just burned his ISO
    Join Date
    Jul 2011
    Posts
    6

    Default sslstrip does nothing

    I have no idea what I'm doing wrong here. Everyone else on the internet seems to get this thing to work first try no problem, but I've been at this thing for two nights now, followed dozens of subtly different directions, and the end result is always the same: Gmail, facebook, etc. still have the HTTPS links intact and sslstrip log files are empty which proves that nothing was captured.

    The commands I use are all taken directly from the sslstrip website:

    echo 1 > /proc/sys/net/ipv4/ip_forward (for the record I've tried the variants where you put the 1 in "" and '')
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000 (also tried 8080)
    python sslstrip.py -w filenamehere.log (also tried it with the -a and -k commands, and -l 8080 when I used 8080 as the redirect port; I've also done it where I ran the setup.py file first)
    arpspoof -i wlan0 -t 192.168.1.2 192.168.1.1 (also tried it without a target, and tried every single address I found on my network with no results; and yes, I'm sure wlan0 is my wireless adapter and that 192.168.1.1 is the router address since that's listed as the gateway when I do a route command, and it's the address I have to type in to get to the router administration page)

    I've tried using my own machine as the victim machine and my phone (hooked up via wifi). In both cases every SSL page I visited still had SSL.

  2. #2
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: sslstrip does nothing

    Tell me how you are browsing the page from which you want to sniff credentials. Do you type the address directly in the address bar like https://site.com ?
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  3. #3
    Just burned his ISO
    Join Date
    Jul 2011
    Posts
    6

    Default Re: sslstrip does nothing

    No, I type in the index page and browse to the log in from there. So for example if I want to login to gmail I'll type in "gmail.com". If I want to go to facebook I'll type in "facebook.com". Both redirect to the https:// address.

  4. #4
    Junior Member M00kaw's Avatar
    Join Date
    Oct 2010
    Location
    127.0.0.1
    Posts
    47

    Default Re: sslstrip does nothing

    When you type: gmail.com your browser connects to http://gmail.com:80 and you then get re-directed to https://gmail.com:443
    Thats where sslstrip comes into the big picture.. You write: iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

    You dont write iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-port 10000

    So try and write gmail.com facebook.com paypal.com etc. Just dont manually write https :-)

    edit:

    to clear things out - sslstrip listens to port 80 and when there's a redirect to https on port 443, it will strip the ssl...
    If you want to learn more about ssl-strip and how it works etc. there's a nice video from Blackhat 2009 with Moxie Marlinspike (the author of ssl-strip), telling a lot about his script..

    look under Randomized Videos
    http://teh-geek.com/?page_id=475
    Last edited by M00kaw; 07-06-2011 at 01:48 PM.

  5. #5
    Just burned his ISO
    Join Date
    Jul 2011
    Posts
    6

    Default Re: sslstrip does nothing

    So I do write gmail.com, facebook.com, etc. without the http(s)://www. bit, and they always redirect to the SSL pages. And as you can see in m original post, I do have iptables redirecting port 80 traffic, not port 443 traffic so that's not the problem either.

  6. #6
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: sslstrip does nothing

    Have you installed sslstrip correctly ?
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  7. #7
    Just burned his ISO
    Join Date
    Jul 2011
    Posts
    6

    Default Re: sslstrip does nothing

    I'm using the liveUSB version of BT5 so I would assume sslstrip is installed correctly unless there's a problem with the way it was installed by default in BT5. I actually tried running it two ways too. First was running "python sslstirp.py". The second was running "python setup.py" in the sslstrip directory so that I didn't have to use "python sslstrip.py" each time.

  8. #8
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: sslstrip does nothing

    Code:
    cd /pentest/web/sslstrip/
    python setup.py install
    sslstrip -h
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  9. #9
    Just burned his ISO
    Join Date
    Jul 2011
    Posts
    6

    Default Re: sslstrip does nothing

    Quote Originally Posted by sickness View Post
    Code:
    cd /pentest/web/sslstrip/
    python setup.py install
    sslstrip -h
    Tried that, same result as before. All pages still SSL encrypted.

  10. #10
    Just burned his ISO
    Join Date
    Jul 2011
    Posts
    6

    Default Re: sslstrip does nothing

    So I tried this on another network I have access to and now SSLstrip does successfully strip SSL encryption from webpages. It also does successfully capture usernames/passwords. So now I'm curious as to what was so special about the other network that made it immune to sslstrip...

    Unfortunately, however, I have a new problem. Once I try to submit a username/password combo on, say, gmail SSLstrip spits out a flood of errors and takes the whole network down with it.

Page 1 of 2 12 LastLast

Similar Threads

  1. Parsing SSLStrip with definitions.sslstrip in easy-cred
    By ericmilam in forum BackTrack 5 Experts Section
    Replies: 3
    Last Post: 06-28-2011, 09:40 PM
  2. Parsing SSLStrip with definitions.sslstrip in easy-cred
    By ericmilam in forum BackTrack 5 Beginners Section
    Replies: 0
    Last Post: 05-31-2011, 08:39 PM
  3. sslstrip help
    By rogue040 in forum OLD BackTrack 4 Software Related Issues
    Replies: 0
    Last Post: 03-29-2010, 02:42 AM
  4. sslstrip v0.7
    By Mr-Protocol in forum Tool Requests
    Replies: 2
    Last Post: 01-18-2010, 06:33 AM
  5. sslstrip
    By muminrz in forum OLD BT4 Feature Requests
    Replies: 1
    Last Post: 02-28-2009, 03:25 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •