What browsers you try? I try with Firefox, IE and Chrome, but sslstrip only works in Gmail for me in the IE. My SSlstrip version is the 0.9. I found more information in this link.
http://forums.hak5.org/index.php?showtopic=25322
sslstrip & gmail
Hi,
I am currently trying to figure out how Man-In-The-Middle Attacks with arpspoof and sslstrip work (at least on a superficial level). However, while my setup seems alright and I can sniff passwords of most ssl-sites (facebook, Hotmail, even my online banking site) just fine, gmail somehow keeps the https.
I am running BT5R1x32 on a Virtual machine (bridged network adapter)
I setup everything like that:
sslstrip is (or seems) properly installed; portforwarding works (according to cat /proc …).echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
arpspoof -i eth1 -t 192.168.0.2 192.168.0.1
sslstrip -a -k -l 8080
As I said, sslstrip.log shows passwords from sites like facebook.com and on the target no ssl-certificate is displayed. But no matter what I type (mail.google.com, www.gmail.com …), gmail always goes into https. Does that mean that gmail is somehow immune to this kind of sniffing or that I do something wrong? I was unable to find any information on this in the web, including this forum. I assume that the next step would be to use wireshark and analyse the connections. However, I do not know how to efficiently analyze the data captured there.
Thank you very much.
Re: sslstrip & gmail
What browsers you try? I try with Firefox, IE and Chrome, but sslstrip only works in Gmail for me in the IE. My SSlstrip version is the 0.9. I found more information in this link.
http://forums.hak5.org/index.php?showtopic=25322
Re: sslstrip & gmail
In my very own personal experience, it very much depends on the web browser...In Firefox you might have some problems, as well as in IE 9, and google chrome...
You are doing the right process..Keep in mind that arpspoofing is carried out in layer 3 (network), ssl takes place in session layer (Upper layers)...So the arpspoof is done first, when it gets to layer 5 (session), arpspoof has been done..It is supose to work, but ssl (as part of http) works different...
So If you want to read more about ssl and how it woks, you will see that it has to do with web browsers and some server-client interchange issues...I belive that might be the thing to pay attention to...
If you find something interesting about ssl and http, post it so the community can learn about it...
Luck....
Re: sslstrip & gmail
Firefox and chrome both disallow non-https access to gmail and related sites. I'm not sure why the layer makes a difference, as right now, his only concern is the certificate and whether or not it exists...
World Domination is such an ugly phrase. I prefer the term World Optimization.
Posting Permissions