Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 36

Thread: Sickness - Password Sniffing with SSLStrip.

  1. #11
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Sickness - Password Sniffing with SSLStrip.

    Indeed, I will check it out in like 2 days I'm working hard for an exam now and really don't have time but I will tell you what to do as soon as I am done

  2. #12
    Just burned his ISO
    Join Date
    Feb 2010
    Location
    Denmark
    Posts
    5

    Default Re: Sickness - Password Sniffing with SSLStrip.

    Hello people!

    I am very new to both Linux, and Back Trap, but I'm also very passionated about this. I am hoping for a spot at the university to study software development, so this is wonderful readings for me!

    I have one question though. Is this sniffing LAN only, or can I use to cross country as well? The IP address you entered looks like a LAN address given by a random router, I think.

    Thank in advance, and thanks for doing this, Sickness!

  3. #13
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Sickness - Password Sniffing with SSLStrip.

    Ok first of all youngbud I tested SSLStrip on facebook too and it worked for me, the only reason I can think of if the page doesn't pop up is that you've done something wrong with the arpspoof, check out if you have ip_forward on and if you set the iptables rule correct.

    bQnne, it's BackTrack and your question is a little complicated, in my movie I typed a LAN IP for 2 reasons:
    1. In my LAN I have the right to do this, on the internet it would be considered illegal.
    2. It will work on the internet, but that requires a higher level of skill and I personal don't recomand it if you are new to Linux, and even if you were skilled it would still be illegal so sorry about this but I will not explain how this should be done on the internet. If anyone else thinks it is ok to do so, please explain.

  4. #14
    Member
    Join Date
    Feb 2007
    Posts
    229

    Default Re: Sickness - Password Sniffing with SSLStrip.

    This works anywhere where you can spoof ARP - so it wouldn't work across routed networks, VLANs, etc as broadcast data doesnt pass. If it did we'd all be screwed. I also dont suggest trying to do things like this cross country as most (if not all) countries have laws against this and it would likely end up with a pretty view of some cinderblock walls and steel bars (incarceration). Oh, BTW, its BackTrack, not Back Trap.

  5. #15
    Junior Member
    Join Date
    Jan 2010
    Posts
    46

    Default Re: Sickness - Password Sniffing with SSLStrip.

    *original post censored to protect the stupid (i.e., me)*

    /lasteditipromise Lol, stupid. I had --to-ports instead of --to-port. Works now.

    Couple of questions: Any tips for grepping the logins out of the log file? I logged into gmail and facebook on the target machine and there is so much raw data in the log that its really difficult to track down exactly the info I want without getting two full screens of extraneous gibberish. It did successfully capture both of the logins, it just took me 15 minutes to find it in there. Obviously grepping what I know to be the password works quickly, but that kind of defeats the purpose.

    Second, is there a way to make ARPspoof re-arp the target after you stop the attack the way Ettercap tries to do? My target machine can't connect to the internet post-attack without running a sudo arp -d -a in a terminal. Seems like it would be sort of a giveaway in the real world. When I've played around with MITM stuff using Ettercap in the past the transition from ARP spoofing to stopping the attack was more or less transparent.
    Last edited by clutch; 02-16-2010 at 11:00 PM.

  6. #16
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Sickness - Password Sniffing with SSLStrip.

    Well for the grep thing you can use words like "email, loggin, password" and I like to cut all the log in Kate, it makes it easy for the words to be found.
    And the re-arping I'm not sure why that happens, when you hit ctrl+c the victim still get's a few ARP's before it stops and I didn't have this trouble with it. Anyway I will check it out and let you know tomorrow

  7. #17
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: Sickness - Password Sniffing with SSLStrip.

    Hi,as your doing this on your network, with your passwords, you should be able to find them, just by searching for them. I tried some and here is what you should search for in case you don't know the pass :
    Website : Pass form :
    facebook pass=YOURPASS
    gmail passwd=YOURPASS
    hotmail idem
    yahoo idem

    enter one of those to search, then press F3 until you get to what you wanted ;)

    Hope this helps !

    PS : could also be "pwd="

  8. #18
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    5

    Default Re: Sickness - Password Sniffing with SSLStrip.

    I have a question, I'm not sure about something
    In the following command:
    arspoof -i <iinterface> -t TARGET HOST
    who is the host? me?

  9. #19
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Sickness - Password Sniffing with SSLStrip.

    You enter "arpspoof -i <interface> -t TARGET IP, Default GATEWAY" you don't enter your IP anywhere

  10. #20
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    1

    Default Re: Sickness - Password Sniffing with SSLStrip.

    Hey Guys,
    I also have some questions, I tried to give me but I did not solve all my problems. I'm a newbie, so please don't flame me too much .

    1. After typing
    echo "1" > /proc/sys
    Backtrack tells me
    bash: /proc/sys: is a directory
    . Can anyone help me and tell me what I'm doing wrong?
    2. I have a TP-Link W-Lan Adaptor. When I type in
    arpspoof -i wlan0 -t ...
    Backtrack is telling me, that wlan0 is down. How can I switch it on? The TP-Link is activated and glows in the right bottom corner or does it have another name than wlan0?
    3. The same problem than sdk26. I found two networks from VMware and they both have a ipv4 address, are these the two I have to type in?

    Thank you

    DFA-Frag

Page 2 of 4 FirstFirst 1234 LastLast

Similar Threads

  1. ARP Poisoning 101 (Not sniffing info...)
    By Whiskey in forum Beginners Forum
    Replies: 12
    Last Post: 07-15-2010, 02:12 AM
  2. sslstrip w/ My Wired-Wireless Network
    By MassAppeal in forum Beginners Forum
    Replies: 11
    Last Post: 02-11-2010, 05:56 AM
  3. Sickness - Password Sniffing Reloaded.
    By sickness in forum BackTrack Videos
    Replies: 8
    Last Post: 02-06-2010, 01:12 PM
  4. sslstrip v0.7
    By Mr-Protocol in forum Tool Requests
    Replies: 2
    Last Post: 01-18-2010, 06:33 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •