I have now spent quite a long time on this problem:
Sslstrip on a normal LAN/WLAN works perfectly, but in my other scenario the attack fails.
The proxy server is outside this network on port 3128 and the server is not transparent (you edit the proxy configuration of your browser).
The normal commands don't work:
echo 1 > /proc/sys/net/ipv4/ip_forward
arpspoof -i eth0 192.168.0.1
iptables -t nat -A PREROUTING -i eth0 -p tcp --destination-port 80 -j REDIRECT --to-port 10000
python sslstrip.py -p -l 10000 -w /path/to/logfile
Without a proxy I just perform a MITM attack and redirect everything which comes to my machine on port 80 to port 10000. Sslstrip changes all HTTPS links to HTTP, so that the victim creates an HTTP request. But with such a proxy server in the scenario that won't work.
So my question is:
Does the victim still send the requests (if he browses to a website, for example) to port 80 or to another port?
What's behind sslstrip? Because I'm between the victim and the router, and after the router the proxy comes in. So should I do any POSTROUTING?
I read everything I found in the forum, on Google, and everywhere else. Hopefully someone can help me with this problem!
I read a lot about iptables in the last days - I think that's the right way to go. But I can't see through these tons of different command options in iptables.
At first I do the forward & arpspoof stuff to my machine and then iptables comes in:
My setup once again:
victim:80 --> 80:attacker(me):10000 --> xxxx:router:xxxx --> 3128:proxyserver(NOT transparent) --> internet
In my mind all the wanted traffic comes to my machine on port 80. So I'll do a prerouting ("iptables -t nat -A PREROUTING -i eth0 -p tcp --destination-port 80 -j REDIRECT --to-port 10000") from my port 80 to my local port 10000 (where SSLSTRIP is listening on). But that doesn't work - am I redirecting the wrong port?
Should I also do any changes to the OUTPUT or POSTROUTING table?
Last edited by g0tmi1k; 01-28-2012 at 01:54 PM. Reason: Merged