Oh I was not aware that SSLStrip could run on the Fon. On Fri, Nov 13, 2009 at 4:21 PM, Robin Wood <[email protected]> wrote:
> 2009/11/13 Joseph McManus <[email protected]>: > > Hello, > > > > The way I got this to work was setting the ip of my Linux machine as the > > default gateway on the Fon. Then use the Iptable rules as usual on the > > linux machine iptables -t nat -A PREROUTING -p tcp --destination-port 80 > -j > > REDIRECT --to-port 10000 set ssl strip to listen to port 10000. Works > like > > a charm. > > That is having sslstrip on the PC, I wanted it on the Fon, I assumed > Nils did but this is an option. > > Robin > > > > > ~Joe > > > > Make sure your Linux machine is set to forwarding mode. > > > > On Fri, Nov 13, 2009 at 9:38 AM, Robin Wood <[email protected]> wrote: > >> > >> Good luck with this, I've been trying to get it working for at least > >> the past month, see all the questions I asked the list about bridging > >> and iptables. > >> > >> The problem as far as I can tell is that when the two nics are bridged > >> that it is very hard to get hold of the traffic as it doesn't make it > >> to the iptables layer. You apparently need to use ebtables to > >> manipulate this traffic but again, I couldn't make ebtables affect the > >> traffic. > >> > >> If you do get anything working or want any help then let me know and I > >> can share my notes. > >> > >> Robin > >> > >> 2009/11/13 Nils <[email protected]>: > >> > Hi, > >> > I got a question on the LaFonera Tech Segment in episode 174. > >> > When using sslstrip you suggest to use this iptables rule on the > Fonera: > >> > iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j > REDIRECT > >> > --to-port 80 > >> > having sslstrip listen on port 80 > >> > > >> > I'm working an evil AP script combining all these attacks using BT4 > with > >> > some additions and I'm using this iptables rule: > >> > iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT > >> > --to-port 10000 > >> > having sslstrip listen on port 10000 > >> > > >> > I got the impression that it is not necessary to pipe https traffic on > >> > port 443 through sslstrip and that the session initiation on http port > >> > 80 is what sslstrip takes care of. > >> > > >> > By the way, episode 173 inspired me to include the Social Engineering > >> > Toolkit in my script. I wonder how that works out ;-) > >> > > >> > Nils > >> > > >> > _______________________________________________ > >> > Pauldotcom mailing list > >> > [email protected] > >> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >> > Main Web Site: http://pauldotcom.com > >> > > >> _______________________________________________ > >> Pauldotcom mailing list > >> [email protected] > >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >> Main Web Site: http://pauldotcom.com > > > > > > > > -- > > Computer Problems? I can Help! > > http://www.crossloop.com/joemcmanus > > > > _______________________________________________ > > Pauldotcom mailing list > > [email protected] > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > > Main Web Site: http://pauldotcom.com > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > -- Computer Problems? I can Help! http://www.crossloop.com/joemcmanus
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
