To: socialcred
Okay we threw a little time at the problem here is a solution.
If you run Basic Menu 3 sniff there is no portal page and no problem.
However if you are running a Portal Page and want to sniff with sslslip+ the portal page is gone once you run ANY of the sniffing features so you must let the client get past the portal and begin accessing the internet before you sniff. Here are the variations when running 9a with pwnstar9.0(PS9).
1. Start PS9
2. Run Basic Menu 9a as internet access must be provided
3. If you select the https-http trap feature then once you start the sniffing features the client can only access https requests. If however you select to not use the trap then once the sniffing features are started the client can access both http and https requests. This though means the client cannot pass thru thr portal and get internet access unless a http request is made.
4. Once PS9 is running you will see in yellow:
Enter Line Number of operation to be conducted.
Select 3 sniff victims and additional xterm windows with ferret and sslstrip will open in turn and start writing data as it comes thru. This selection will also rewrite some iptables allowing sslstrip to function.
To allow mitmf(ie sslstrip+) to function you must unbind port 10000 if it is bound
Open a terminal window
Type fuser -k 10000/tcp
or fuser -n tcp 10000
You will get a bunch of Cannot Stat file etc warnings and then
10000/tcp 4677
The 4677 digit is a numerical string designating the process and can be any numeric string
Now type killall -9 and the numeric string seen, in this case 4677
killall -9 4677
You will get an error message ignore it
Now run mitmf.sh and it runs fine. Just give it time to get the python script to run.
We are working on a mitmf.sh that runs all this for you. Will post it here when completed. However we think Basic Menu 3 is a better feature.
MTeams