Blog de Zscaler

Reciba en su bandeja de entrada las últimas actualizaciones del blog de Zscaler

Suscribirse
Security Research

BlackSheep For Linux

image
JULIEN SOBRIER
November 09, 2010 - 3 Min de lectura

BlackSheep uses compiled code to listen to HTTP traffic. These executables come straight from Firesheep. Firesheep ships with executables for Windows And MacOSX 10.5 (Intel) only, this is why the first release of BlackSheep supports these 2 platforms only.

The number one request I got was to support Linux. The good news is that it is now possible to run BlackSheep on Linux - though it does requires some work to setup.


Too Many Linux environments

The main challenge is that the back-end must be compiled on each possible environment: CPU (x86, x86_64), compiler (gcc 3, gcc 4), and also different versions of libpcap, etc. In the case of Firesheep and BlackSheep, it is not possible to deliver one add-on that would work on all Linux environment.

This means that each Linux user must compile their own version.


Requirements

To make your own Linux version of BlackSheep, you need:

  • autoconf 2.61 or higher (autoconf -V)
  • libpcap-devel with pcap-config
  • xulrunner-sdk (or xulrunner-devel depending on the distribution)
  • boost-devel

Here is how to proceed on CentOS.

autoconf 2.61

CentOS provides autoconf 2.59, so a new version must be compiled from source:
 

  wget http://ftp.gnu.org/gnu/autoconf/autoconf-2.65.tar.gz  tar xf autoconf-2.65.tar.gz  cd autoconf-2.65  ./configure  make  sudo make install  autoconf -V


If autoconf -V still shows the old version, modify your PATH:

 

 

  export PATH=/usr/local/bin:$PATH


libpcap-devel

The version of libpcap-devel in CentOS is too old. A new one must be installed from source:

  sudo yum install flex  sudo yum install byacc  wget http://www.tcpdump.org/release/libpcap-1.1.1.tar.gz  tar -zxvf libpcap-1.1.1.tar.gz  cd libpcap-1.1.1/  ./configure  make  sudo make install


boost-devel

  sudo yum install boost-devel


Back-end from Firesheep

Then, you need to compile the Firesheep-backend. Get the source code for Firesheep for Linux:

  sudo yum install git  sudo yum install xulrunner-devel  git clone git://github.com/mickflemm/firesheep.git  cd firesheep  git submodule update --init  ./autogen.sh --with-xulrunner-sdk=/usr/lib/xulrunner-sdk-1.9.2/  make


Note than xurlrunner could install in a different folder on your Linux box, for example in /usr/lib/xulrunner-devel-1.9.2.12

Check if the back-end works correctly. The directory might be slightly different

  cd xpi/platform/Linux_x86-gcc3/  sudo ./firesheep-backend --fix-permissions  ./firesheep-backend --list-interfaces


The last command might generate an error. However, this may not be an issue. To check if the packet capture works, try this (you may want to change eth0 to wlan0):

  ./firesheep-backend eth0 "tcp port 80"


In a different console, try this

 

  wget https://www.zscaler.com/


You should now this this in the first console

  ./firesheep-backend eth0 "tcp port 80"  {"from":"10.10.100.109:37753","to":"72.249.144.174:80","method":"GET",  "path":"/","query":"","host":"www.zscaler.com","cookies":"",  "userAgent":"Wget/1.11.4 Red Hat modified"}


Congratulations, you'll be able to run BlackSheep on your box.

Next, you need to include the new back-end in the BlackSheep plugin (1.3 or higher):

  cd ~  wget https://www.zscaler.com/research/plugins/firefox/\      blacksheep/blacksheep-latest.xpi  mkdir blacksheep  unzip blacksheep-latest.xpi -d blacksheep/  cd blacksheep  cp -r ../firesheep/xpi/platform/* platform/


Edit the file install.rdf Remove the following lines:

  [em:targetPlatform];Darwin_x86-gcc3[/em:targetPlatform][em:targetPlatform]WINNT_x86-msvc[/em:targetPlatform]


or add your new platform:

  [em:targetPlatform>Linux_x86-gcc3</em:targetPlatform]  [em:targetPlatform]Linux_x86_64-gcc3[/em:targetPlatform]


You may also want to disable the updates to keep your custom, stable version. Remove this line, or modify the URL:

 

  [em:updateURL]http://codebutler.github.com/firesheep/update.rdf[/em:updateURL]


You can now create the XPI file:

  zip blacksheep-latest-linux.xpi -r *


Now, install BlackSheep. Restart your browser and open blacksheep/blacksheep-latest-linux.xpi.

There is one last step: the permissions must be fixed on firesheep-backend.

  cd .mozilla/firefox/ygqde9s7.default/extensions/\      jsobrier\@zscaler.com/platform/Linux_x86-gcc3/  sudo ./firesheep-backend --fix-permissions

 


The new version of BlackSheep contains Linux versions built on CentOS5 x86 and x86_64. If this does not work in your environment, follow the procedure above.


-- Julien

 

 

form submtited
Gracias por leer

¿Este post ha sido útil?

Reciba las últimas actualizaciones del blog de Zscaler en su bandeja de entrada

Al enviar el formulario, acepta nuestra política de privacidad.