Indonesian Back|Track Team
ask sslstrip parse - Printable Version




ask sslstrip - d134f94 - 09-25-2012

How do I read sslstrip.log using parselog.py???


ask sslstrip parse - d134f94 - 09-25-2012

How do I parse sslstrip.log???
Usually you use parselog.py, right?
Here's the script:
#!/usr/bin/env python

#####################
# ParseLog.py
#
# By [email protected]
#####################

""" This file parses the sslstrip.log created by
sslstrip for usernames and passwords (and other
interesting information) defined in the file
resources/definitions.sslstrip. It will also
give you a complete list of all unknown information,
with the exception of anything listed in the file
resources/blacklist.sslstrip.
"""

try:
    from urllib import unquote        # Python 2
except ImportError:
    from urllib.parse import unquote  # Python 3

# Extract the host found between the parentheses of a log header line
getIP = lambda origin: origin[origin.find('(')+1:origin.find(')')]

blacklist = []
accounts = []
definitions = []

def getDefs(defs):
    # Each definition line has the form: host|name|field1|field2|...
    d = {}
    for definition in defs:
        if('|' not in definition):
            continue  # skip blank or malformed lines
        tmp = definition.split('|')
        a = tmp.pop(0)
        b = tmp.pop()
        if('\n' in b):
            b = b[:-1]
        tmp.append(b)
        d[a] = tmp[:]
    return d

def getAllVars(line):
    # Split the POST body into a dict of URL-decoded name/value pairs
    while('&&' in line):
        line = line.replace('&&','&')
    vars = {}
    tmp = line.split('&')
    for var in tmp:
        try:
            (a,b) = var.split('=')
            if('$' in unquote(a)):
                a = unquote(a).split('$').pop()
            if('\n' in unquote(b)):
                b = unquote(b)[:-1]
            vars[unquote(a)] = unquote(b)
        except ValueError:
            # not exactly one name=value pair; ignore it
            pass
    return vars

def process(origin,line):
    origin = getIP(origin)
    if(origin not in blacklist):
        vars = getAllVars(line)
        if(origin in definitions):
            definition = definitions[origin][:]
            name = definition.pop(0)
            account = "(%s) " % name
            for variable in definition:
                try:
                    v = vars[variable]
                except KeyError:
                    v = 'UNDEFINED'
                account += "%s = %s :: " % (variable,v)
            if('UNDEFINED' not in account):
                if(account not in accounts):
                    accounts.append(account)
                    account += "**NEW**"
                print(account)
        else:
            print("Unknown:\t%s" % origin)
            for var in vars:
                if(vars[var] != ""):
                    print("\t%s:\t%s" % (var,vars[var]))

try:
    lines = open('sslstrip.log','r').readlines()
except IOError:
    lines = []
try:
    blacklist = open('resources/blacklist.sslstrip','r').read().split('\n')
except IOError:
    print("--blacklist not defined--")
try:
    accounts = open('accounts.txt','r').read().split('\n')
except IOError:
    pass
try:
    definitions = getDefs(open('resources/definitions.sslstrip','r').readlines())
except IOError:
    pass

if(not lines):
    print("Empty logfile.")

# A header line containing 'POST' is followed by the line holding the POST data
while(lines):
    line = lines.pop(0)
    if('POST' in line and lines):
        process(line,lines.pop(0))

accounts.sort()
with open('accounts.txt','w') as output:
    for account in accounts:
        if(account != ''):
            output.write(account + '\n')


But why does it never work?


RE: ask sslstrip parse - Clound_Carbelius - 09-25-2012

What is that, bro?
I'm a complete newbie ..... :D


RE: ask sslstrip parse - alkaaf - 09-25-2012

Why not just open sslstrip.log the normal way, bro? :d


RE: ask sslstrip - iKONspirasi - 09-26-2012

Is that the parselog.py from here?

Using it is quite easy, see the images below:
[Image: Capture13.png]
[Image: Capture14.png]
[Image: Capture15.png]

In essence it is like a combination of cat and grep; just replace the file with sslstrip.log.
Good luck trying it.
iKONs


RE: ask sslstrip parse - iKONspirasi - 09-26-2012

By the way, I merged the threads. Don't create 2 threads with the same content, okay? This is a first warning, please take note.

Thank you
iKONs


RE: ask sslstrip parse - d134f94 - 09-28-2012

What about using easy-creds, how do I use + install it on BackTrack 5??



RE: ask sslstrip parse - iKONspirasi - 09-28-2012

(09-28-2012, 06:41 PM)d134f94 Wrote: What about using easy-creds, how do I use + install it on BackTrack 5??

Just create a new thread and give it the title ASK.