Results 1 to 1 of 1

Thread: SSLSTRIP in a proxy environment

  1. 01-23-2012, 09:22 PM #1
    Stallh0f3n
    Stallh0f3n is offline
    Just burned his ISO
    Join Date
    Dec 2011
    Posts
    9

    Default SSLSTRIP in a proxy environment

    Hi!

    I spent now quite a long time with this problem:

    Sslstrip on normal LAN/WLAN works perfectly but in my other scenario the attack fails.

    My environment:
    Attacker 192.168.0.X
    Victim 192.168.0.X
    Router 192.168.0.1
    Proxy server outside this network on port 3128 and the server is not transparent (you edit the proxy configuration of your browser).

    The normal commands don't work:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    arpspoof -i eth0 192.168.0.1
    iptables -t nat -A PREROUTING -i eth0 -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    python sslstrip.py -p -l 10000 -w /path/to/logfile

    Without a proxy I'm just perform a mitm attack and redirect everything which comes to my machine on port 80 to port 10000. Sslstrip changes all HTTPS links to HTTP, so that the victim creates an HTTP request. But with such a proxy sever in the scenario that won't work.

    So my question is;
    Does the victim send the requests (if he browses to a website for example) still to port 80 or to an other port?
    Whats behind sslstrip? Because I'm between the victim and the router and after the router the proxy comes in. So should I do any POSTROUTING?

    I read everything I found in the forum, on google, and everywhere else. Hopefully someone can help me with this problem!


    -Stallh0f3n-

    # Push!

    I read a lot about iptables in the last days - I think thats the right way to go. But I can't see trough these tons of different command options in iptables.

    At first I do the forward & arpspoof stuff to my machine and then the iptable comes in:

    My setup once again:

    victim:80 --> 80:attacker(me):10000 --> xxxx:router:xxxx --> 3128:proxyserver(NOT transparent) --> internet

    In my mind all the wanted traffic comes to my machine on port 80. So I'll do a prerouting ("iptables -t nat -A PREROUTING -i eth0 -p tcp --destination-port 80 -j REDIRECT --to-port 10000") from my port 80 to my local port 10000 (where SSLSTRIP is listening on). But that doesn't work - am I redirecting the wrong port?

    Should I also do any changes to the OUTPUT or POSTROUTING table?


    -Stallh0f3n-
    Last edited by g0tmi1k; 01-28-2012 at 01:54 PM. Reason: Merged
« Previous Thread | Next Thread »

Similar Threads

  1. proxy and sslstrip
    By bl0tch in forum Experts Forum
    Replies: 3
    Last Post: 11-02-2010, 11:36 AM
  2. sslstrip between victim and proxy ....
    By hornet1 in forum Beginners Forum
    Replies: 4
    Last Post: 10-13-2010, 09:10 AM
  3. dns spoofing in proxy-server Environment ?
    By qazii in forum Beginners Forum
    Replies: 2
    Last Post: 07-17-2010, 06:53 AM
  4. passing traffic through sslstrip then through brup proxy ?
    By hoodadada in forum Beginners Forum
    Replies: 1
    Last Post: 06-07-2010, 03:57 PM
  5. sslstrip behind a proxy server
    By avandelay in forum OLD BackTrack 4 General Support
    Replies: 1
    Last Post: 03-14-2010, 03:43 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules