sorry, I meant on the PC. My script has been written for BT4. So then the iptables rule with port 80 is still fine at least for PC usage.
Robin, I still have your Jasager Installation on one of my Foneras. I'll give it a try with sslstrip. Robin Wood wrote: > 2009/11/13 Joseph McManus <[email protected]>: > >> Hello, >> >> The way I got this to work was setting the ip of my Linux machine as the >> default gateway on the Fon. Then use the Iptable rules as usual on the >> linux machine iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j >> REDIRECT --to-port 10000 set ssl strip to listen to port 10000. Works like >> a charm. >> > > That is having sslstrip on the PC, I wanted it on the Fon, I assumed > Nils did but this is an option. > > Robin > > >> ~Joe >> >> Make sure your Linux machine is set to forwarding mode. >> >> On Fri, Nov 13, 2009 at 9:38 AM, Robin Wood <[email protected]> wrote: >> >>> Good luck with this, I've been trying to get it working for at least >>> the past month, see all the questions I asked the list about bridging >>> and iptables. >>> >>> The problem as far as I can tell is that when the two nics are bridged >>> that it is very hard to get hold of the traffic as it doesn't make it >>> to the iptables layer. You apparently need to use ebtables to >>> manipulate this traffic but again, I couldn't make ebtables affect the >>> traffic. >>> >>> If you do get anything working or want any help then let me know and I >>> can share my notes. >>> >>> Robin >>> >>> 2009/11/13 Nils <[email protected]>: >>> >>>> Hi, >>>> I got a question on the LaFonera Tech Segment in episode 174. >>>> When using sslstrip you suggest to use this iptables rule on the Fonera: >>>> iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT >>>> --to-port 80 >>>> having sslstrip listen on port 80 >>>> >>>> I'm working an evil AP script combining all these attacks using BT4 with >>>> some additions and I'm using this iptables rule: >>>> iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT >>>> --to-port 10000 >>>> having sslstrip listen on port 10000 >>>> >>>> I got the impression that it is not necessary to pipe https traffic on >>>> port 443 through sslstrip and that the session initiation on http port >>>> 80 is what sslstrip takes care of. >>>> >>>> By the way, episode 173 inspired me to include the Social Engineering >>>> Toolkit in my script. I wonder how that works out ;-) >>>> >>>> Nils >>>> >>>> _______________________________________________ >>>> Pauldotcom mailing list >>>> [email protected] >>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>>> Main Web Site: http://pauldotcom.com >>>> >>>> >>> _______________________________________________ >>> Pauldotcom mailing list >>> [email protected] >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> Main Web Site: http://pauldotcom.com >>> >> >> -- >> Computer Problems? I can Help! >> http://www.crossloop.com/joemcmanus >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> >> > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
