
Goal

The main goal is to monitor all the URL logging (HTTPS) of a specific device in my network. So I decided to buy a security tool, the WiFi Pineapple, from the Hak5 store.

Ex. Alexa, Chromecast, and maybe iPad.


Steps (Windows 10 PC)

I did:

  • configured Network Sharing from my Ethernet to the WiFi Pineapple: here
  • configured a static IP for my WiFi Pineapple as 172.16.42.42 as required: here
  • GUI/Portal
  • logged into the GUI portal, finished the setup, root password, and SSIDs
    • allowed all clients to connect
    • installed the “SSLSplit” module from the Community Repository, and started it

iPad

I can see the SSID being broadcast, and connected to it. I ran a Speedtest and got about 30 Mbps after connecting.

Then I tried to load an HTTPS site; it takes forever to load a simple page.

And the portal does not even auto-refresh as they claimed it should ...


Questions

  1. How good could it be to sniff traffic when it takes 10 minutes to load a simple page?
  2. Am I using the WiFi Pineapple incorrectly?
  3. Should I use a different module to SSL-strip HTTPS traffic/requests? I’ve tried DWall and urlsnarf, but they also work very sluggishly and only work for HTTP.
  4. Should I look into other options, since the WiFi Pineapple is not so efficient?
  5. With my network diagram in mind, should I look at better tools/applications, like maybe spinning up another router in between the router and the modem?

Expectation

To reiterate my goal, my expectation is very simple: I want to see the URL logs of all the sites requested by my iPad at a particular moment. I couldn't care less about information such as headers, body, payload, and even credentials; I only care about the requested URLs or history.

If anyone has any suggestions for me, I would love to take your advice.

code-8
  • With Fiddler you can [capture iOS traffic](https://www.telerik.com/blogs/how-to-capture-ios-traffic-with-fiddler) and it's free. – user2320464 May 13 '20 at 15:19
  • SSLstrip is not about logging HTTPS-URL. It is about enforcing HTTP instead of HTTPS in the client and then sniffing this unencrypted traffic. It will not work in many cases, i.e. not in the many cases where the client enforces HTTPS. You are likely using the wrong tool for the job you are trying to do. For more see [How does SSLstrip work?](https://security.stackexchange.com/questions/41988/how-does-sslstrip-work) – Steffen Ullrich May 13 '20 at 15:50
  • @user2320464 Thank you. I downloaded and installed Fiddler on my PC, and have the cert on my iPad trusted. I tested with the YouTube app, and I can quickly see the traffic logging right away, but the view on the iPad seems messed up. Any idea why? : https://i.imgur.com/17YnUhg.jpg Do you get a better result on your end? Should I expect a better result? – code-8 May 13 '20 at 16:24
  • @SteffenUllrich: I understand that I might be using the wrong tool. Right now, I am seeking suggestions from any of you (the security experts). What is the right tool for me? I will gladly look into it, and try them out one by one. `Fiddler`, which @user2320464 suggested, is kind of nice, but we have to have access to the physical device. Which I do, so it's fine. – code-8 May 13 '20 at 16:28
  • If the base URL is sufficient, meaning HTTPS:// **TheWebsite** / *ButNotTheSub* , then a simple packet capture is all you likely need as the base URL is clear text in the SNI field of the handshake. – user10216038 May 13 '20 at 16:34
  • So Fiddler is good for debugging. But not for spying on or monitoring a device. If you know other tools for that, please let me know. – code-8 May 13 '20 at 16:43
  • Seems you're looking for something like [squid](http://www.squid-cache.org/). – phbits May 13 '20 at 18:46

0 Answers