Workaround for SSLsplit Segmentation Fault



scorpius
2017-01-01, 23:52
The segmentation fault is most likely due to both versions 1.0 and 1.1 of libssl being installed. How can I get sslstrip working again?

mmusket33
2017-01-02, 07:00
The sslstrip+ is found included in the mitmf package.

MTeams has gotten the sslstrip+ to function within our Pwnstar9.0 beta for KaliR2 under construction and has stripped out the older sslstrip and added sslstrip+. See:

https://forums.kali.org/showthread.php?34279-Getting-mitmf-to-function-in-kali-linux-R2

We can post working command lines and in xterm windows if required.


Musket Teams

scorpius
2017-01-03, 18:49
Thanks, but I need sslsplit not sslstrip.

mmusket33
2017-01-04, 08:17
To scorpius

MTeams was unsure as you wrote sslsplit in the heading and sslstrip in the body of the thread. We are currently working with both. If we find anything for sslsplit we will advise you here.


Musket Teams

mmusket33
2017-01-05, 10:10
To scorpius

MTeams has been unable to induce a segmentation fault. Could you give us more information? This problem is of interest to us as we would like to bring sslsplit into the Pwnstar package. Our problem has been augmenting the iptables to support the http/https split to different ports while still keeping the Pwnstar 9 captive portal functioning.

scorpius
2017-01-06, 20:56
In one terminal, I run the following to arp poison and redirect ports in one step.

bettercap -T 192.168.0.4 \
--custom-redirection 'TCP 80 8080' \
--custom-redirection 'TCP 443 8443' \
--custom-redirection 'TCP 993 8443' \
--custom-redirection 'TCP 995 8443'

In another terminal, I run sslsplit.

sslsplit -j /tmp -S /tmp ssl 0.0.0.0 8443 tcp 0.0.0.0 8080

On the target machine I start some form of ssl communication, and then sslsplit exits with a segmentation fault.

mmusket33
2017-01-09, 08:21
To: scorpius

Currently MTeams is using an i386 hard drive install of Kali-linux R2, updated but NOT upgraded.

1. We were unable to install bettercap

2. We could not induce a segmentation fault

3. Your command line "sslsplit -j /tmp -S /tmp ssl 0.0.0.0 8443 tcp 0.0.0.0 8080" could not be run as it did not include -k ca.key -c ca.crt ssl

The lack of that data was in the error code.

We did get the following to run:

sslsplit -D -l connections.log -j /tmp -S /tmp -k ca.key -c ca.crt ssl 0.0.0.0 8443 tcp 0.0.0.0 8080


You might refer here:

https://blog.heckel.xyz/2013/08/04/use-sslsplit-to-transparently-sniff-tls-ssl-connections/

In closing we have gotten the sslsplit to run thru our captive portal in Pwnstar9. We currently have sslsplit sslstrip+ thru mitmf and ferret all logging data at the same time.

MTeams

scorpius
2017-01-10, 21:31
I was using -k ca.key -c ca.crt, but I simply forgot to paste it in my message. Anyway, it's not a problem of syntax or how to run the attack. I can run sslsplit successfully on kali and also on a plain debian distro. However, a recent apt upgrade in kali resulted in 1.1 of libssl being installed, and that's when the problem started. I'm using a vm and can return to a previous snapshot at any time.

So the problem is with libssl 1.1 and sslsplit. If you are using a vm could you try apt upgrade and see if it breaks sslsplit?

Thanks for your time.

mmusket33
2017-01-12, 01:25
To scorpius

MTeams does not use any vmware type programs.

MTeams has stopped upgrading any kali-linux distribution. Very few of our upgrades were successful and we spent way too much time trying to correct the problems that developed even when they could be identified. Now we simply update and reload the newer distro when issued.

Reference sslsplit: We now have a moderate amount of testing time with this program. It sets off a google warning due to the use of openssl produced certificate files and an https request. Have you found a way around this? This is the same problem when using apache2 to accept https requests.

MTeams

scorpius
2017-01-13, 23:47
Yes, I guess updates can sometimes cause things to break. Oh well.

The only way to not see a warning is to install the certificate on the target.
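
The last post implies a check for defenders: a warning-free interception needs an extra CA in the target's trust store, so comparing the store against a known-good baseline exposes it. The sketch below is an added example, not part of the thread; the function names and sample data are hypothetical, and the "certificates" are constructed placeholder bytes in a PEM wrapper, not real certificates.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def fingerprints(bundle_text):
    """SHA-256 of the DER bytes of every certificate block in a PEM bundle."""
    result = []
    for match in PEM_BLOCK.finditer(bundle_text):
        # Strip line breaks inside the block before decoding the base64 body.
        der = base64.b64decode("".join(match.group(1).split()))
        result.append(hashlib.sha256(der).hexdigest())
    return result


def unexpected_roots(bundle_text, baseline):
    """Fingerprints present in the bundle but absent from the baseline set."""
    return [fp for fp in fingerprints(bundle_text) if fp not in baseline]


def constructed_pem(payload):
    # Constructed stand-in: placeholder bytes in a PEM wrapper, not a real cert.
    body = base64.b64encode(payload).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


# Constructed sample data: a baseline bundle and the same bundle with one
# extra entry appended, as it would look after a CA was added to the store.
KNOWN_GOOD = (constructed_pem(b"placeholder root A")
              + constructed_pem(b"placeholder root B"))
CURRENT = KNOWN_GOOD + constructed_pem(b"placeholder interception CA")

if __name__ == "__main__":
    baseline = set(fingerprints(KNOWN_GOOD))
    for fp in unexpected_roots(CURRENT, baseline):
        print("root not in baseline:", fp)
```

On a Debian-based host the input would typically be the system bundle, `/etc/ssl/certs/ca-certificates.crt`, with the baseline recorded from a clean install of the same release.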