Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: sniffing problems with sslstrip

  1. #1
    Member
    Join Date
    Apr 2010
    Posts
    51

    Default sniffing problems with sslstrip

    I'm facing some errors in sslstrip when I'm trying to sniff. Firstly when I set the "1" in ip forward when I'm running ettercap I see that ettercap probably changes the value to "0". Weird!
    I also get some errors in python in the sslstrip terminal..

    I saw that there is an update for ettercap that because I got l3 errors too. Now I don't have l3 errors but I'm facing some python errors in sslstrip. Poisoning is working ok but I can't get credentials from my test machine in my network. Something is wrong with sslstrip I think.

    I'm running Bactrack 5 R1 fully updated (KDE 32bit) hard disk install.

    Any help will be great. Thanks
    Last edited by khaos; 11-08-2011 at 08:05 AM.

  2. #2
    Good friend of the forums zimmaro's Avatar
    Join Date
    Mar 2010
    Location
    milano
    Posts
    407

    Default Re: sniffing problems with sslstrip

    hi, Khaos!
    for MY little experience:
    sslstrip with ettercap (united) used "normally" if not mistaken should still have the "bug" fix ... I hope to be!To Sniffing http / https use yamas.sh GREAT script by "big" comax! (search forum). if you want you can also take a look here to use only sslstrip:
    http://www.backtrack-linux.org/forum...ad.php?t=45189
    regards zimmaro

  3. #3
    Good friend of the forums zimmaro's Avatar
    Join Date
    Mar 2010
    Location
    milano
    Posts
    407

    Default Re: sniffing problems with sslstrip

    sorry,
    but the link don't make a link:
    new : http://vimeo.com/29855807

  4. #4
    Member
    Join Date
    Apr 2010
    Posts
    51

    Default Re: sniffing problems with sslstrip

    Thanks zimmaro for the info. I tried yamas. It looks great but the problems in sslstrip exist!
    I think that the problem is in my sslstrip :P
    What version do you use? BT5R1? and what version of sslstrip?

    The bug fixes are released?

    Thanks

  5. #5
    Good friend of the forums zimmaro's Avatar
    Join Date
    Mar 2010
    Location
    milano
    Posts
    407

    Default Re: sniffing problems with sslstrip

    hi,
    i'm using bt5r1 kde32 (hd install),bt5r1 gnome32(in virtualbox under win7) & bt5r1 kde 64(in my new notebook)
    the problem in NOT sslstrip (your,my,other) the problem reading around would seem ettercap (in this kernel 2.6.39.4),but in old kernel (bt5 2.6.38) the coupled sslstrip&ettercap worked quite-well (as for me I made ​​a old video with bt5r1(black hat edition [kernel 2.6.38]).MY sslstrip is 0.9
    look around there are many threads about" sslstrip & ettercap not playing nicely togheter" (read about ericmilam (expert,creator of script easy-creds)
    If I understand it to be released an official update of the tool ettercap in December
    bye!

  6. #6
    Member
    Join Date
    Apr 2010
    Posts
    51

    Default Re: sniffing problems with sslstrip

    Thanks zimmaro. And the video is gr8 congrats
    I think that the problem is in sslstrip. I'm running YAMAS without any error in ettercap. I have errors in sslstrip window (python errors, I can paste them if you want). Also what are the settings that needed in etter.conf? I have enabled (removed #) from iptables (2 lines)

  7. #7
    Good friend of the forums zimmaro's Avatar
    Join Date
    Mar 2010
    Location
    milano
    Posts
    407

    Default Re: sniffing problems with sslstrip

    hi,khaos
    repeat (for me & other) only sslstrip worked fine (stripped https) the "i know the python error"(born in """"bt5""") and nothing to do with the version of sslstrip[ in bt4 don't exist error!]
    but the "logs" file is ok) .When working together ettercap I have problems(in 2.6.39.4 kernel)!
    root@bt:~# gedit /etc/etter.conf

    line:
    17 ec_uid = 0 # nobody is the default
    18 ec_gid = 0 # nobody is the default
    167 # if you use iptables:
    168 redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    169 redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
    bye

  8. #8
    Member
    Join Date
    Apr 2010
    Posts
    51

    Default Re: sniffing problems with sslstrip

    Ok I will w8 for an update. Can I ask a general question? If we use sslstrip the victim will see a fake certificate? I think that it must ONLY see just a http:// and not https:// (and not a fake cert and click it) because I tried it in 2 VMs (one backtrack 4 r2 that sslstrip/ettercap works) and the victim (mine pc ) must click a fake certificate. Something is going wrong :P I know that sslstrip just "removes" the ssl captures the passes in plaintext and after sending the credentials to the ssl server (to the site).

    I think that the mehtod with fake certificate is not stripping. (I think that Cain/Ettercap used this method some years ago)

  9. #9
    Good friend of the forums zimmaro's Avatar
    Join Date
    Mar 2010
    Location
    milano
    Posts
    407

    Default Re: sniffing problems with sslstrip

    hi,
    i'm not a expert (i'm a old mechanic)I think so, and I miss those good old days:
    http://g0tmi1k.blogspot.com/2009/07/...ing-https.html!
    bye

  10. #10
    Senior Member
    Join Date
    Dec 2010
    Posts
    127

    Default Re: sniffing problems with sslstrip

    @Khaos - You will sometimes get errors in the SSLStrip window. This is normal and does not mean that sslstrip has stopped working. Sometimes if the connection is killed or someone stops browsing th page before sslstrip completes, it will throw an error, trust me it's still working fine.

    With regards to ettercap, the patch I sent it should be committed now and the new ettercap will not throw the L3 errors.

    Yamas is a good tool, feel free to check out easy-creds. It's in the BT5 repos. apt-get install easy-creds.

    I also posted some videos on how to use it on youtube. You can search for easy-creds or go to my channel Brav0Hax to see them all.

    Happy hunting

Page 1 of 2 12 LastLast

Similar Threads

  1. Sslstrip in a lan - Problems !
    By Carto_ in forum BackTrack 5 Experts Section
    Replies: 18
    Last Post: 12-17-2011, 08:20 PM
  2. Replies: 44
    Last Post: 04-08-2011, 02:30 AM
  3. Replies: 0
    Last Post: 11-28-2010, 01:31 PM
  4. Problem with Password Sniffing with SSLStrip
    By Eatme in forum Beginners Forum
    Replies: 7
    Last Post: 10-01-2010, 08:24 AM
  5. Sickness - Password Sniffing with SSLStrip.
    By sickness in forum BackTrack Videos
    Replies: 35
    Last Post: 09-17-2010, 01:16 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •