I am having some interesting experiences while ARPspoofing and using SSLStrip. There's a couple of things I just cannot make sense of. I have watched the Hak5 videos about this topic, which is why I hope that this forum is an appropriate place to post. I'm not doing this for malicious purposes - I'm just curious, that's all, and have spent many hours trying to figure out my problem with zero success.

    iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000
    arpspoof -i wlan0 .x

This often works fine but sometimes there are problems. There are two issues (which may or may not be interconnected). I ARPspoof the network as described above. However, my Wireshark logs do not reveal that any HTTP, TCP, or TLS traffic is going through me. I can see that I am telling everyone that I am the router with my ARP commands. I can observe lots of people nearby in the room doing various things that would generate traffic. And I am using the -a option so everything should be logged. Why is nothing going through me? I could understand if the network was empty but it isn't, as within a few minutes the Wireshark file has tens of thousands of entries.

The Wireshark logs do show DNS, HTTP, TCP, and TLS traffic but, once again, the log file stays at 0 bytes. I can see that, this time, traffic is flowing through me and I really do appear to be a MITM. But, in reality, no traffic is ever being recorded. The point is that I am forcing traffic through me so the ARP commands are effective. I have the Wireshark logs so if anyone has a specific question I can certainly refer to them. Many thanks - I am so confused about this and would really like to learn.

Some updates - and thanks for all the advice:

I tried again on a network where it looks as if traffic (HTTP, SSL, etc.) is flowing through me but nothing gets saved by SSL Strip. According to this article ( ) you can view POST data (secure and not secure) in Wireshark. It says: "Login forms usually use the POST request method to send credentials to servers; using this filter you'll be able to find out all the credentials your victims inserted in the sites they visited (even the secured ones, thanks to Sslstrip!): `http.request.method == "POST"`". The idea is, as I understand it, that SSL Strip will work on the MITM computer before the packets are saved by Wireshark. I tried the `http.request.method == "POST"` filter on a Wireshark file with 40,000 entries but found nothing.

Interestingly, the sslstrip.log file did contain entries like this:

This is all the log showed with the -a (all) option, which normally would record a wide range of HTTP traffic. Perhaps these errors reveal something?

    Error for wireless request "Set Mode" (8B06) :
    SET failed on device wlan0 Device or resource busy.

I still do not understand why Wireshark shows that I am the MITM but SSLStrip will not log anything.
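As an added, defender-side example (not code from the post, the Hak5 material or the linked article): a small Python check that flags the two things an ARP-poisoned segment shows in a capture like the one described above, an IP advertised by more than one MAC, and a MAC re-advertising the same IP over and over. The ARP replies are a constructed sample; with a real capture the same fields would come from Wireshark's `arp.src.proto_ipv4` and `arp.src.hw_mac` columns. Thresholds and the sample addresses are assumptions.

```python
"""Detect ARP poisoning from a list of observed ARP replies (added example)."""
from collections import defaultdict

# Constructed sample: (timestamp in seconds, sender IP, sender MAC).
# The gateway 192.168.1.1 is first advertised by its real MAC; later replies
# claim the same IP from another MAC and keep repeating, as a spoofer does.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (0.5, "192.168.1.20", "aa:bb:cc:00:00:20"),
    (1.0, "192.168.1.1", "de:ad:be:ef:00:99"),
    (3.0, "192.168.1.1", "de:ad:be:ef:00:99"),
    (5.0, "192.168.1.1", "de:ad:be:ef:00:99"),
    (7.0, "192.168.1.1", "de:ad:be:ef:00:99"),
]


def detect_arp_conflicts(replies, repeat_window=10.0, repeat_threshold=3):
    """Return a list of alerts in the order they are raised.

    "ip-mac-conflict": an IP has now been claimed by more than one MAC.
    "repeated-claim": one (IP, MAC) pair was re-advertised repeat_threshold
    times inside repeat_window seconds (raised once, when the threshold is hit).
    """
    macs_for_ip = defaultdict(set)      # ip -> set of MACs seen claiming it
    claim_times = defaultdict(list)     # (ip, mac) -> timestamps of claims
    alerts = []
    for ts, ip, mac in replies:
        if macs_for_ip[ip] and mac not in macs_for_ip[ip]:
            alerts.append(("ip-mac-conflict", ip, sorted(macs_for_ip[ip]) + [mac]))
        macs_for_ip[ip].add(mac)

        times = claim_times[(ip, mac)]
        times.append(ts)
        recent = [t for t in times if ts - t <= repeat_window]
        if len(recent) == repeat_threshold:
            alerts.append(("repeated-claim", ip, mac))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_conflicts(SAMPLE_ARP_REPLIES):
        print(alert)
```

Wireshark's own ARP dissector already raises an expert-info warning when it sees an IP address in use by two MACs, which is the first of these checks in built-in form.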