
Thread: sslstrip & gmail

  1. #1
    Just burned his ISO
    Join Date
    Nov 2011
    Posts
    1

    sslstrip & gmail

    Hi,

    I am currently trying to figure out how Man-In-The-Middle Attacks with arpspoof and sslstrip work (at least on a superficial level). However, while my setup seems alright and I can sniff passwords of most ssl-sites (facebook, Hotmail, even my online banking site) just fine, gmail somehow keeps the https.

    I am running BT5R1x32 on a Virtual machine (bridged network adapter)
    I set up everything like this:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
    arpspoof -i eth1 -t 192.168.0.2 192.168.0.1
    sslstrip -a -k -l 8080
    sslstrip is (or seems) properly installed; port forwarding works (according to cat /proc …).
    As I said, sslstrip.log shows passwords from sites like facebook.com and on the target no ssl-certificate is displayed. But no matter what I type (mail.google.com, www.gmail.com …), gmail always goes into https. Does that mean that gmail is somehow immune to this kind of sniffing or that I am doing something wrong? I was unable to find any information on this on the web, including this forum. I assume that the next step would be to use wireshark and analyse the connections. However, I do not know how to efficiently analyze the data captured there.

    Thank you very much.

  2. #2
    Just burned his ISO
    Join Date
    May 2012
    Posts
    1

    Re: sslstrip & gmail

    Which browsers did you try? I tried with Firefox, IE and Chrome, but sslstrip only works on Gmail for me in IE. My sslstrip version is 0.9. I found more information at this link.
    http://forums.hak5.org/index.php?showtopic=25322

  3. #3
    Very good friend of the forum maverik35's Avatar
    Join Date
    Sep 2009
    Location
    Debian land
    Posts
    734

    Re: sslstrip & gmail

    In my very own personal experience, it very much depends on the web browser... In Firefox you might have some problems, as well as in IE 9 and Google Chrome...
    You are doing the right process... Keep in mind that arpspoofing is carried out in layer 3 (network), ssl takes place in session layer (upper layers)... So the arpspoof is done first, when it gets to layer 5 (session), arpspoof has been done... It is supposed to work, but ssl (as part of http) works differently...

    So if you want to read more about ssl and how it works, you will see that it has to do with web browsers and some server-client interchange issues... I believe that might be the thing to pay attention to...

    If you find something interesting about ssl and http, post it so the community can learn about it...

    Luck....

  4. #4
    Senior Member ShadowMaster's Avatar
    Join Date
    Jul 2011
    Location
    /root
    Posts
    189

    Re: sslstrip & gmail

    Firefox and Chrome both disallow non-https access to gmail and related sites. I'm not sure why the layer makes a difference, as right now, his only concern is the certificate and whether or not it exists...
    World Domination is such an ugly phrase. I prefer the term World Optimization.
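
Added example, not part of the original thread or of any poster's code: the browser behaviour described in post #4 is what HTTP Strict Transport Security (HSTS, RFC 6797) and the browsers' preload lists provide, a term the thread itself does not use. This Python check parses a site's Strict-Transport-Security header and classifies how well its visitors are protected against an HTTPS downgrade; the function names and sample headers are constructed for illustration.

```python
import re

# Header-level requirement of the browser preload list: max-age of one year or more.
PRELOAD_MIN_AGE = 31536000

def parse_hsts(value):
    """Parse a Strict-Transport-Security value; None if a browser would ignore it."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    seen = set()
    for raw in value.split(";"):
        name, _, arg = raw.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if not name:
            continue
        if name in seen:              # RFC 6797 6.1: directives must not repeat
            return None
        seen.add(name)
        if name == "max-age":
            if not re.fullmatch(r"\d+", arg):
                return None           # missing or non-numeric value
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
        # unknown directives are ignored, as the RFC requires
    return policy if policy["max_age"] is not None else None

def downgrade_exposure(headers):
    """Classify a response's protection against HTTPS stripping."""
    hsts = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
    policy = parse_hsts(hsts) if hsts is not None else None
    if policy is None or policy["max_age"] == 0:   # max-age=0 deletes the policy
        return "no-hsts"              # plain-HTTP requests are never upgraded
    if (policy["preload"] and policy["include_subdomains"]
            and policy["max_age"] >= PRELOAD_MIN_AGE):
        return "preload-eligible"     # can be enforced before the first visit
    return "hsts-after-first-visit"   # first contact over HTTP is still exposed

if __name__ == "__main__":
    # Constructed sample responses, not captured from any real site.
    samples = {
        "preloaded-style": {"Strict-Transport-Security":
                            "max-age=63072000; includeSubDomains; preload"},
        "short policy": {"strict-transport-security": "max-age=86400"},
        "broken header": {"Strict-Transport-Security": "includeSubDomains"},
        "no header": {"Content-Type": "text/html"},
    }
    for label, hdrs in samples.items():
        print(f"{label:16} -> {downgrade_exposure(hdrs)}")
```

A site that only reaches "hsts-after-first-visit" still relies on the user's first connection being made over HTTPS, which is the gap the preload list closes.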
