sniffing problems with sslstrip

[khaos]

I'm facing some errors in sslstrip when I'm trying to sniff. Firstly when I set the "1" in ip forward when I'm running ettercap I see that ettercap probably changes the value to "0". Weird!
I also get some errors in python in the sslstrip terminal..

I saw that there is an update for ettercap that because I got l3 errors too. Now I don't have l3 errors but I'm facing some python errors in sslstrip. Poisoning is working ok but I can't get credentials from my test machine in my network. Something is wrong with sslstrip I think.

I'm running Bactrack 5 R1 fully updated (KDE 32bit) hard disk install.

Any help will be great. Thanks

[zimmaro]

hi, Khaos!
for MY little experience:
sslstrip with ettercap (united) used "normally" if not mistaken should still have the "bug" fix ... I hope to be!To Sniffing http / https use yamas.sh GREAT script by "big" comax! (search forum). if you want you can also take a look here to use only sslstrip:
http://www.backtrack-linux.org/forum...ad.php?t=45189
regards zimmaro

[zimmaro]

sorry,
but the link don't make a link:
new : http://vimeo.com/29855807

[khaos]

Thanks zimmaro for the info. I tried yamas. It looks great but the problems in sslstrip exist!
I think that the problem is in my sslstrip :P
What version do you use? BT5R1? and what version of sslstrip?

The bug fixes are released?

Thanks

[zimmaro]

hi,
i'm using bt5r1 kde32 (hd install),bt5r1 gnome32(in virtualbox under win7) & bt5r1 kde 64(in my new notebook)
the problem in NOT sslstrip (your,my,other) the problem reading around would seem ettercap (in this kernel 2.6.39.4),but in old kernel (bt5 2.6.38) the coupled sslstrip&ettercap worked quite-well (as for me I made ​​a old video with bt5r1(black hat edition [kernel 2.6.38]).MY sslstrip is 0.9
look around there are many threads about" sslstrip & ettercap not playing nicely togheter" (read about ericmilam (expert,creator of script easy-creds)
If I understand it to be released an official update of the tool ettercap in December
bye!

[khaos]

Thanks zimmaro. And the video is gr8 congrats
I think that the problem is in sslstrip. I'm running YAMAS without any error in ettercap. I have errors in sslstrip window (python errors, I can paste them if you want). Also what are the settings that needed in etter.conf? I have enabled (removed #) from iptables (2 lines)

[zimmaro]

hi,khaos
repeat (for me & other) only sslstrip worked fine (stripped https) the "i know the python error"(born in """"bt5""") and nothing to do with the version of sslstrip[ in bt4 don't exist error!]
but the "logs" file is ok) .When working together ettercap I have problems(in 2.6.39.4 kernel)!
root@bt:~# gedit /etc/etter.conf

line:
17 ec_uid = 0 # nobody is the default
18 ec_gid = 0 # nobody is the default
167 # if you use iptables:
168 redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
169 redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
bye

[khaos]

Ok I will w8 for an update. Can I ask a general question? If we use sslstrip the victim will see a fake certificate? I think that it must ONLY see just a http:// and not https:// (and not a fake cert and click it) because I tried it in 2 VMs (one backtrack 4 r2 that sslstrip/ettercap works) and the victim (mine pc ) must click a fake certificate. Something is going wrong :P I know that sslstrip just "removes" the ssl captures the passes in plaintext and after sending the credentials to the ssl server (to the site).

I think that the mehtod with fake certificate is not stripping. (I think that Cain/Ettercap used this method some years ago)

[zimmaro]

hi,
i'm not a expert (i'm a old mechanic)I think so, and I miss those good old days:
http://g0tmi1k.blogspot.com/2009/07/...ing-https.html!
bye

[ericmilam]

@Khaos - You will sometimes get errors in the SSLStrip window. This is normal and does not mean that sslstrip has stopped working. Sometimes if the connection is killed or someone stops browsing th page before sslstrip completes, it will throw an error, trust me it's still working fine.

With regards to ettercap, the patch I sent it should be committed now and the new ettercap will not throw the L3 errors.

Yamas is a good tool, feel free to check out easy-creds. It's in the BT5 repos. apt-get install easy-creds.

I also posted some videos on how to use it on youtube. You can search for easy-creds or go to my channel Brav0Hax to see them all.

Happy hunting