PaulDotCom mailing list archives
Evil Access Point / sslstrip
From: nils at hemmann.de (Nils)
Date: Tue, 17 Nov 2009 11:10:19 +0100
Right after I sent the last mail I sort of figured the stupidity of my conclusion:

"What I thought of is switching on ARP poisoning between the external AP network and the internal LAN but I think that might break the iptables-fu for e.g. sslstrip."

ARP poisoning takes place in a switched LAN on layer-2 and you can't do it actually "between" two networks. Next problem is that ARP poisoning my own evil AP network doesn't make sense as the packets are being routed through my own gateway (192.168.200.1) anyways and there is no need to ARP poison anyone.

...so forget about this.

Remains the idea with more advanced iptables rules and some other tools than ettercap for ssh downgrade etc. Any suggestions?

Nils

Nils wrote:

I just figured that my Jasager Fon had been re-flashed with Fon's original firmware to re-activate my Fon account before I went to the US. I'm having a day off this week and will give it a try then.

Robin, are you using the standard sslstrip python script on the Fonera or is it some special package?

For my evil AP script on BT4, I do have a rocking solid combination of airbase-ng or karma, sslstrip, ettercap (without ARP poisoning), tcpxtract, msg-, urlsnarf, ferret and hamster.

What I'm kind of missing is the packet mangling capability of ettercap on layer-2. I'd like to have ssh downgrade or smb clear text capabilities. What I thought of is switching on ARP poisoning between the external AP network and the internal LAN but I think that might break the iptables-fu for e.g. sslstrip.

Does anyone have a good idea how to realize this on layer-3? Is there some standalone tool which can perform ssh downgrade or force SMB clear text just with iptables magic and without ARP poisoning?

Thanks,
Nils

Robin Wood wrote:

There is a sslstrip package for openwrt which installs fine on the fon, I just couldn't get it to work! Very frustrating, being in the middle but not being able to actually modify any of the traffic.

Robin

2009/11/14 Nils <nils at hemmann.de>:

Sorry, I meant on the PC. My script has been written for BT4. So then the iptables rule with port 80 is still fine at least for PC usage.

Robin, I still have your Jasager Installation on one of my Foneras. I'll give it a try with sslstrip.

Robin Wood wrote:

2009/11/13 Joseph McManus <joe.mcmanus at gmail.com>:

Hello,

The way I got this to work was setting the ip of my Linux machine as the default gateway on the Fon. Then use the Iptable rules as usual on the linux machine

    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

Set ssl strip to listen to port 10000. Works like a charm.

That is having sslstrip on the PC, I wanted it on the Fon, I assumed Nils did but this is an option.

Robin

~Joe

Make sure your Linux machine is set to forwarding mode.

On Fri, Nov 13, 2009 at 9:38 AM, Robin Wood <dninja at gmail.com> wrote:

Good luck with this, I've been trying to get it working for at least the past month, see all the questions I asked the list about bridging and iptables.

The problem as far as I can tell is that when the two nics are bridged that it is very hard to get hold of the traffic as it doesn't make it to the iptables layer. You apparently need to use ebtables to manipulate this traffic but again, I couldn't make ebtables affect the traffic.

If you do get anything working or want any help then let me know and I can share my notes.

Robin

2009/11/13 Nils <nils at hemmann.de>:

Hi,

I got a question on the LaFonera Tech Segment in episode 174. When using sslstrip you suggest to use this iptables rule on the Fonera:

    iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-port 80

having sslstrip listen on port 80.

I'm working on an evil AP script combining all these attacks using BT4 with some additions and I'm using this iptables rule:

    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000

having sslstrip listen on port 10000.

I got the impression that it is not necessary to pipe https traffic on port 443 through sslstrip and that the session initiation on http port 80 is what sslstrip takes care of.

By the way, episode 173 inspired me to include the Social Engineering Toolkit in my script. I wonder how that works out ;-)

Nils

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

--
Computer Problems? I can Help!
http://www.crossloop.com/joemcmanus
Current thread:
- Evil Access Point / sslstrip Nils (Nov 13)
- Evil Access Point / sslstrip Robin Wood (Nov 13)
- Evil Access Point / sslstrip Joseph McManus (Nov 13)
- Evil Access Point / sslstrip Robin Wood (Nov 13)
- Evil Access Point / sslstrip Joseph McManus (Nov 13)
- Evil Access Point / sslstrip Nils (Nov 14)
- Evil Access Point / sslstrip Robin Wood (Nov 14)
- Evil Access Point / sslstrip Nils (Nov 17)
- Message not available
- Evil Access Point / sslstrip Nils (Nov 17)
- Evil Access Point / sslstrip Robin Wood (Nov 17)
- Evil Access Point / sslstrip Joseph McManus (Nov 13)
- Evil Access Point / sslstrip Robin Wood (Nov 13)