
Thread: Sickness - Password Sniffing with SSLStrip.

  1. #21
    Developer muts's Avatar
    Join Date
    Jan 2006
    Posts
    272

    Default Re: Sickness - Password Sniffing with SSLStrip.

    The video has a couple of errors in it (from what I saw):

    1) echo 1 > /proc/sys/
    2) the yahoo login is over HTTP, not HTTPS ?

  2. #22
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    6

    Cool Re: Sickness - Password Sniffing with SSLStrip.

    Well Done XD

  3. #23
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Sickness - Password Sniffing with SSLStrip.

    The command works with echo "1" > /proc/sys/ too, well for me it did, and the thing with the yahoo login is still a mystery. When I made the movie it was HTTP, I think they changed it after ...

  4. #24
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: Sickness - Password Sniffing with SSLStrip.

    Hi ! I've been trying this on my network, works like a charm ! Now, I wanted to know a few things :
    - Is there a way to do this on multiple targets, or a range of targets, without different sessions ? I couldn't try with multiple computers running, so even with multiple sessions, will this work ? Will everything be written in the log (from all targets) or only one (at a time ?)
    - If the previous works, is there a possibility to record in different logs ?
    - Is there a way to redirect multiple ports or a range of ports to only one, or another range ? (in which case, we could listen on different ports with sslstrip and have different logs). I must confess I don't know anything about iptables, I'll try and dig into that.
    - Can sslstrip listen on different/a range of ports?

    I also wanted to understand why redirecting to 8080 ? I guess we redirect from port 80 because it is the common port used for internet connection right ? But why to 8080 ?
    Could this work on a msn connection ? Log-in use ports 80, 443 and/or(?) 1863 ; to what port should I forward each of those for this to work ? A special one ? Any one ?

    That's all I can think about now, and I know it's a lot to ask. I'll of course keep trying by myself and update my post if I succeed in any of those.

    Thanks for your help !

    PS: this is only for knowledge purpose (in case some don't like I mention msn...). If anything is not clear, sorry for my English, I try my best ^^. Just ask and I'll try to better explain what I ask.

  5. #25
    Just burned his ISO
    Join Date
    Mar 2010
    Posts
    1

    Default Re: Sickness - Password Sniffing with SSLStrip.

    comaX, the answers to your questions:

    Is there a way to do this on multiple targets, or a range of targets, without different sessions ? I couldn't try with multiple computers running, so even with multiple sessions, will this work ? Will everything be written in the log (from all targets) or only one (at a time ?)
    The program sickness uses for arp poisoning is arpspoof and, as far as I know, it only works with a single target. Another option for arp spoofing is ettercap, specifying a list (or range) of targets is no problem there. Just stick to command line, cause the GUI happens to be buggy. A good start would be:

    ettercap -TQM arp:remote /192.168.1.64/ /192.168.1.254/
    (64 is the target, 254 the gateway)

    And of course the manual! This covers the arp poisoning, as for sslstrip... you work with only one session as sslstrip works on all the traffic going through your listening port (8080 in the tutorial). It doesn't matter if this traffic comes from 1 target or 10. That's also why there will be one common logfile for all targets.

    If the previous works, is there a possibility to record in different logs ?
    Since the previous (attacking multiple targets) works, I'm going to answer this one the best I can... Yes, it is possible, but seeing as your questions are fairly basic, you definitely don't want to even think about trying to do this. Basically, you would have to edit sslstrip to keep a list of connections and log messages corresponding to different targets into different files. In my opinion it's not worth the trouble. Now, if for some reason I really really wanted to know which connection went with which target, I would either keep the ettercap logs and compare the connection times or try to tweak sslstrip so that the target IP is printed with every message logged.

    OR the following...

    Is there a way to redirect multiple ports or a range of ports to only one, or another range ? (in which case, we could listen on different ports with sslstrip and have different logs).
    *Sigh* You really don't like the idea of a common logfile, do you? But it's a good question. I never needed this and honestly, never thought of a way to do it, but what comes first to my mind is to use two iptables policies for each target instead of one. So instead of:

    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

    you would have:

    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -s THE_TARGET'S_IP -j REDIRECT --to-port 8080
    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -d THE_TARGET'S_IP -j REDIRECT --to-port 8080

    The -s and -d flags let you specify the source and destination IP of the packets to which the policy applies. For each target, you would need a set of these two policies, with different ports for each target. Now I have never tried this so I have no idea if it will work. Nevertheless, it's worth a try.

    Also, reading the man pages is usually the best first step you can make.

    I also wanted to understand why redirecting to 8080 ? I guess we redirect from port 80 because it is the common port used for internet connection right ? But why to 8080 ?
    It doesn't matter, you can redirect to 8080, 1234, 666, 1337 or wherever you want to. Just be careful not to use a port which is already in use by another process.


    Could this work on a msn connection ? Log-in use ports 80, 443 and/or(?) 1863 ; to what port should I forward each of those for this to work ? A special one ? Any one ?
    I never cared about MSN, so I can't really help you with this one. Do people even use msn anymore?

  6. #26
    Good friend of the forums comaX's Avatar
    Join Date
    Feb 2010
    Location
    Paris, France
    Posts
    338

    Default Re: Sickness - Password Sniffing with SSLStrip.

    The program sickness uses for arp poisoning is arpspoof and, as far as I know, it only works with a single target
    Well, it turns out it does not ! You just have to write "arpspoof -i <interface> <ip_host>" and it will work on every target on the network. It will show ff:ff:ff:ff:ff:ff is at 192.168.1.1, or something like that. (Very, very useful for public connections. Well, I guess... ;) )

    About the multi logs, I gave it a good thought, and it would be useless if the only goal is to sniff passwords. Anyway, thanks for the idea of how to do it with multiple iptables, I can still think of a way to use that.

    For msn, it was just an idea passing by, I tried... and failed. It just didn't connect anymore or connected without logging anything. I must have done something wrong as I read on Microsoft's site it was using ssl connection... Anyway, I really don't care about others' msn passwords. As I said, it was for knowledge. (And, no, nobody uses msn anymore ^^)

    For the manuals, I try and read them. For iptables it was just incomprehensible. I understand why we use what we use, but I also am unable to create my own or modify it in a way I'd want.

    For the port already in use by another process, you mean on the target's machine ? For instance, if it's downloading on port 6881, I can't forward to that port, right ?

    Thank you for your help !
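
Added example, not part of any post in this thread: a defender-side check for the ARP poisoning the posts above rely on. It flags ARP replies in which an IP (such as the gateway) is claimed by a different MAC than the one pinned or first seen, and records whether the reply went to broadcast, as in the arpspoof behaviour comaX describes. The sample lines are constructed in the style of `tcpdump -e -n arp` output; the function name and all addresses are assumptions.

```python
import re

# Constructed sample lines in the style of `tcpdump -e -n arp` (not a real capture).
SAMPLE = """\
12:00:01.000000 00:1a:2b:3c:4d:5e > 00:aa:bb:cc:dd:01, ethertype ARP (0x0806), length 42: Reply 192.168.1.254 is-at 00:1a:2b:3c:4d:5e, length 28
12:00:05.000000 00:0c:29:11:22:33 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Reply 192.168.1.254 is-at 00:0c:29:11:22:33, length 28
12:00:07.000000 00:0c:29:11:22:33 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Reply 192.168.1.254 is-at 00:0c:29:11:22:33, length 28
12:00:08.000000 00:aa:bb:cc:dd:01 > 00:1a:2b:3c:4d:5e, ethertype ARP (0x0806), length 42: Reply 192.168.1.64 is-at 00:aa:bb:cc:dd:01, length 28
"""

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) (?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), "
    r"ethertype ARP .*?Reply (?P<ip>\d+(?:\.\d+){3}) is-at (?P<mac>[0-9a-f:]{17})",
    re.IGNORECASE,
)
BROADCAST = "ff:ff:ff:ff:ff:ff"


def find_arp_conflicts(capture_text, pinned=None):
    """Return one alert dict per ARP reply whose MAC disagrees with the
    pinned (or, failing that, first-seen) MAC for that IP address."""
    bindings = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    alerts = []
    for line in capture_text.splitlines():
        m = ARP_REPLY.match(line)
        if m is None:
            continue  # not an ARP reply line
        ip, mac = m["ip"], m["mac"].lower()
        expected = bindings.setdefault(ip, mac)  # learn the binding on first sight
        if mac != expected:
            alerts.append({
                "time": m["ts"],
                "ip": ip,
                "expected_mac": expected,
                "claimed_mac": mac,
                # Unsolicited replies to broadcast re-point every host at once.
                "to_broadcast": m["dst"].lower() == BROADCAST,
                # Ethernet source differing from the claimed MAC is a further oddity.
                "frame_src_matches": m["src"].lower() == mac,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_arp_conflicts(SAMPLE):
        print(alert)
```

First-seen learning trusts whichever reply arrives first, so pin the gateway's real MAC through `pinned` when monitoring starts on a network that may already be poisoned.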

  7. #27
    Just burned their ISO
    Join Date
    Feb 2010
    Posts
    22

    Default Sickness - Password Sniffing with SSLStrip.

    Thanks Sickness for your wonderful video.
    Which program are you using for your video presentation?

  8. #28
    Just burned his ISO
    Join Date
    Sep 2010
    Posts
    1

    Default Re: Sickness - Password Sniffing with SSLStrip.

    Thank you for the video

  9. #29
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Sickness - Password Sniffing with SSLStrip.

    Quote: Originally Posted by matrix75
    Thanks Sickness for your wonderful video.
    Which program are you using for your video presentation?
    My friend edits my videos, Adobe After Effects and Sony Vegas.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  10. #30
    Good friend of the forums Eatme's Avatar
    Join Date
    Aug 2009
    Location
    Socks5
    Posts
    308

    Default Re: Sickness - Password Sniffing with SSLStrip.

    ettercap -T -q -i wlan0 -w logins.log

    cat logins.log | grep -a email | grep -a pass
    Doing this will write out a log file as well as show in "real time" every time someone logs in to a website that's HTTPS or has forms with user/password/email etc..

    2nd command will filter out the specific logins. (most/all sites will have either a form with email or pass in it)
    Wiffy-Auto-Cracker - was the best thing that ever happen to me. :) Wo0oT :)
    AWUSO36H_500mW_5dBi Antenna
