Showing results for tags 'hsts'.
Found 8 results

  1. Hi, I'm new to pentesting. I got my Pineapple NANO last month. I have been learning by watching tutorials available on the internet since then. Most of the material available is related to the NANO's predecessors, and I have found that some of them don't work anymore, or I'm not being guided appropriately. Modules like SSLsplit, DNSspoof, DNSMasq Spoof, Evil Portal etc. don't seem to work anymore. SSLsplit and DNSMasq don't seem to work in the case of HTTPS sites. On browsers like Chrome, Firefox etc., sites like Facebook, Gmail etc. don't even open when I try to DNS spoof, and secondly the data is still encrypted after using SSLsplit. In fact we just can't open the site without HTTPS. So I needed to know: after the implementation of HSTS, have these modules become completely useless, or is there some way around using them? P.S. I'm a newbie, so please guide me thoroughly. :)
  2. Can we bypass HSTS by using this MITM technique? The attack works on the latest versions of iOS, including iOS 8.1.1, and on most Android devices. Source: https://blog.zimperium.com/doubledirect-zimperium-discovers-full-duplex-icmp-redirect-attacks-in-the-wild/
  3. After reading countless threads about SSLSTRIP not working on systems such as Safari, Firefox, and Chrome, I wanted to inquire about something that was released at Defcon Asia... SSLSTRIP 2 and DNS2PROXY https://github.com/LeonardoNve/sslstrip2 "This is a new version of Moxie's SSLstrip with the new feature to avoid the HTTP Strict Transport Security (HSTS) protection mechanism. This version changes HTTPS to HTTP like the original one, plus the hostname in the HTML code to avoid HSTS. Check my slides at BlackHat ASIA 2014, OFFENSIVE: EXPLOITING DNS SERVERS CHANGES, for more information. For this to work you also need a DNS server that reverses the changes made by the proxy; you can find it at https://github.com/LeonardoNve/dns2proxy. Demo video at: http://www.youtube.com/watch?v=uGBjxfizy48" The DNS Proxy: I am having a really hard time following the instructions. I've tried to contact the developer for clarification but no luck. Anyone else care to chime in on how to set up dns2proxy? Also, is there anyone willing to take on the challenge of adding this as an infusion to the Pineapple? My understanding is this would allow you to compromise all browsers such as Safari, Chrome, and Firefox? The demo video, interestingly enough, shows quite vividly a proof of concept; I'm just trying to figure out how to do this. I'm running a few Kali Linux machines; can someone clarify how I'm supposed to set up the DNS proxy? To the ENTIRE Hak5 Team: thank you for working on a device that is truly amazing and endless with opportunity. We are only limited by our creativity when it comes to deployment with this awesome device. I took it upon myself to invest in all the bells and whistles that came with the Mark V. Let's talk about build quality: FIRST CLASS! This thing is scary. To the untrained eye you wouldn't have ANY idea what it is... To the trained eye, the only term that comes to mind is pwned and operated. PineAP: ... 
so that's what Dogma does, and that's why Karma doesn't work as expected anymore :D. Soooo many questions on this forum could be answered by watching this regarding Karma. Chris Haralson https://www.youtube.com/channel/UCK15ED34btB3NZznGIXQuwA This guy's videos and guides are first class, aimed at people with my skill set; I really couldn't ask for anything to be clearer. I am anxiously awaiting your future guides and videos (*I check back every day*). My office :D And a snazzy little pic of some pineapples....
  4. Hi everyone, as I just received my Pineapple Mark IV, some questions come to me... With the implementation of HSTS, sslstrip became a little bit inefficient (even if I can harvest some of my credentials). I'd like to know a few things: Has someone already tested dns2proxy with sslstrip2 from Leonardo Nve? https://github.com/LeonardoNve How does it work? Because I'm quite new to this, and I wasn't able to make them work together on my computer. It's OK for the DNS, which redirects sites to a fake address when I do an nslookup (like facebook pointing to 192.168.0.123), but sslstrip didn't return me anything. And is it possible to make an infusion of those two scripts for a Pineapple (Mark IV if possible)? And there is the last one, the one I'm ashamed of... how do I change my DHCP conf? Sorry if my English seems weird, I'm French. And thanks :)
  5. Hi guys, on my blog I wrote a post about a MitM attack using SSLStrip + arpspoof. It's in Italian, so I don't know if you can understand it: http://www.gianlucaghettini.net/intercettazione-traffico-https-e-recupero-dati-sensibili/ Other than the actual attack (which is very well known), I focused on the HSTS policy and how it is useful to prevent such attacks. Do you know of any successful attempt to break such a security policy? Poisoning the DNS cache of the target host could lead to a scenario in which the target browser goes to a fake domain, receives a forged HTTP header with a max-age value of zero, `Strict-Transport-Security: max-age=0; includeSubDomains`, and then gets redirected to the real site. The HSTS RFC says that browsers SHOULD ignore the HSTS header when in HTTP mode, but maybe this very specific check was not implemented on all browsers.
  6. I am asking this because security is changing rapidly. You can no longer use sslstrip on the sites that contain juicy info because of HSTS, and I heard Karma will no longer be effective for newer devices due to driver patches. That being said, can it do: SSLsplit to get around HSTS? Create an evil twin? Cookie collection/session hijacking? Run airmon-ng or the aircrack suite? ARP spoof a connected AP?
  7. Hey guys, I've just covered HTTP Strict Transport Security (HSTS) and how it helps to improve web security. Any feedback on the blog or input anyone has would be much welcomed. Check it out here: http://scotthel.me/hsts Scott.
  8. OK, so I had this idea a few months ago but don't know how hard it might be to actually do. Maybe someone who knows could point me in the right direction. What I want to do is make a MITM module or program for the Pineapple that inserts the HSTS header into all HTTP requests, http://en.wikipedia....y#Applicability Once I have figured out how to slip HSTS into headers, I want to make one page that populates/connects to 10s or 100s of popular websites that don't use SSL; basically the victim can no longer browse to those pages because their browser believes it should be encrypted. What do you think, would this work, and what tools could I use to insert the HSTS header? ettercap?