Sickness - Password Sniffing with SSLStrip.

[sickness]

Indeed, I will check it out in like 2 days I'm working hard for an exam now and really don't have time but I will tell you what to do as soon as I am done

[bQnne]

Hello people!

I am very new to both Linux, and Back Trap, but I'm also very passionated about this. I am hoping for a spot at the university to study software development, so this is wonderful readings for me!

I have one question though. Is this sniffing LAN only, or can I use to cross country as well? The IP address you entered looks like a LAN address given by a random router, I think.

Thank in advance, and thanks for doing this, Sickness!

[sickness]

Ok first of all youngbud I tested SSLStrip on facebook too and it worked for me, the only reason I can think of if the page doesn't pop up is that you've done something wrong with the arpspoof, check out if you have ip_forward on and if you set the iptables rule correct.

bQnne, it's BackTrack and your question is a little complicated, in my movie I typed a LAN IP for 2 reasons:
1. In my LAN I have the right to do this, on the internet it would be considered illegal.
2. It will work on the internet, but that requires a higher level of skill and I personal don't recomand it if you are new to Linux, and even if you were skilled it would still be illegal so sorry about this but I will not explain how this should be done on the internet. If anyone else thinks it is ok to do so, please explain.

[RageLtMan]

This works anywhere where you can spoof ARP - so it wouldn't work across routed networks, VLANs, etc as broadcast data doesnt pass. If it did we'd all be screwed. I also dont suggest trying to do things like this cross country as most (if not all) countries have laws against this and it would likely end up with a pretty view of some cinderblock walls and steel bars (incarceration). Oh, BTW, its BackTrack, not Back Trap.

[clutch]

*original post censored to protect the stupid (i.e., me)*

/lasteditipromise Lol, stupid. I had --to-ports instead of --to-port. Works now.

Couple of questions: Any tips for grepping the logins out of the log file? I logged into gmail and facebook on the target machine and there is so much raw data in the log that its really difficult to track down exactly the info I want without getting two full screens of extraneous gibberish. It did successfully capture both of the logins, it just took me 15 minutes to find it in there. Obviously grepping what I know to be the password works quickly, but that kind of defeats the purpose.

Second, is there a way to make ARPspoof re-arp the target after you stop the attack the way Ettercap tries to do? My target machine can't connect to the internet post-attack without running a sudo arp -d -a in a terminal. Seems like it would be sort of a giveaway in the real world. When I've played around with MITM stuff using Ettercap in the past the transition from ARP spoofing to stopping the attack was more or less transparent.

[sickness]

Well for the grep thing you can use words like "email, loggin, password" and I like to cut all the log in Kate, it makes it easy for the words to be found.
And the re-arping I'm not sure why that happens, when you hit ctrl+c the victim still get's a few ARP's before it stops and I didn't have this trouble with it. Anyway I will check it out and let you know tomorrow

[comaX]

Hi,as your doing this on your network, with your passwords, you should be able to find them, just by searching for them. I tried some and here is what you should search for in case you don't know the pass :
Website : Pass form :
facebook pass=YOURPASS
gmail passwd=YOURPASS
hotmail idem
yahoo idem

enter one of those to search, then press F3 until you get to what you wanted ;)

Hope this helps !

PS : could also be "pwd="

[sdk26]

I have a question, I'm not sure about something
In the following command:
arspoof -i <iinterface> -t TARGET HOST
who is the host? me?

[sickness]

You enter "arpspoof -i <interface> -t TARGET IP, Default GATEWAY" you don't enter your IP anywhere

[DFA-Frag]

Hey Guys,
I also have some questions, I tried to give me but I did not solve all my problems. I'm a newbie, so please don't flame me too much .

1. After typing

echo "1" > /proc/sys

Backtrack tells me

bash: /proc/sys: is a directory

. Can anyone help me and tell me what I'm doing wrong?
2. I have a TP-Link W-Lan Adaptor. When I type in

arpspoof -i wlan0 -t ...

Backtrack is telling me, that wlan0 is down. How can I switch it on? The TP-Link is activated and glows in the right bottom corner or does it have another name than wlan0?
3. The same problem than sdk26. I found two networks from VMware and they both have a ipv4 address, are these the two I have to type in?

Thank you

DFA-Frag