jackendra

Posts posted by jackendra

  1. The way HSTS works is that the website response includes a header that says "We're on HTTPS, and you should use that from now on when accessing this domain, no matter what the user typed in the URL".

    The modified ssl-strip (I think it's simply called ssl-strip-hsts) does nothing more than drop those headers on the floor before passing on the server response to the client.

    What this means is that if the client went to the site at some point in the past, every connection (s)he'll make to that site will be via HTTPS and unless you have a way to break that, MITM isn't going to happen, no matter what tool you use.

    Alright, I guess I misunderstood:

    https://forums.hak5.org/index.php?/topic/33770-defeating-hsts-with-updated-sslstrip/

    Really then the wifi pineapple is going to die if that can't be bypassed, when more web browsers and more sites start using HSTS.

    (At least for MITM)

    Just to confirm then, because someone else gave me this link:

    https://cyberarms.wordpress.com/2014/10/16/mana-tutorial-the-intelligent-rogue-wi-fi-router/

  2. I'm hoping to get some help on this.

    I posted on HF but got no replies...

    I know about HSTS, and last I checked browsers are pretty secure with it in use.
    I heard there was a modified or updated version of ssl-strip from a guy at Sensepost that was used for defeating HSTS.

    So what I want to know, is since then, has this been implemented in the most recent versions of the Wifi Pineapple?

    Also, whether or not it is updated on the WiPi, how useful of a tool is the WiPi if HSTS is in the way? What major sites (I'm guessing depending on your browser) are vulnerable to MITM-like attacks?

    Thanks :)
    Good day.

  3. If anyone is actually looking here, I have another update:

    I wrote a quick interpreter, in a separate script, so you don't have to: open Notepad, start writing your script, save, run converter... all that. Instead you just run the interpreter and start writing the script in the window, and to end your script and save to file, start a new line with < and press Enter in the terminal/IDLE.

    If I decide to, I will make it one file where -i starts the interpreter, and -s FILE converts a .txt script.

  4. I created a sort of converter, that converts simple scripting commands to teensy C source.

    I've decided to write in Python since it's cross-platform, and most *unix/Linux machines come with it installed.

    I have decided to do this because some people may already own a Teensy, and want what a Teensy can do, but sadly don't have the C experience that others may have.

    Here's a little screenshot of what gets outputted:

    3FayMIq.png

    I did not implement a default delay yet, so you have to be a tad bit more careful when executing multiple 'commands' one after the other.

    What do you guys think, any questions?

    I wanted to say, I know a lot of people have done something like this,

    so don't be too mad since I decided to do it also :P

    I wasn't planning on sharing due to that fact, but I just felt like I had to.

  5. I read around the forum and it seems people are saying that getting the full functionality of the Rubber Ducky, on a Teensy may not be possible.

    Mostly because the Ducky needs certain hardware to work like it does.

    So, the main reason I want the Ducky is because I prefer not to type out:

    Keyboard.print or Keyboard.println();

    I know that may sound lazy, and truthfully.....

    I am a little maybe.

    It would be just so much easier to do :

    STRING "HI" (I think that's what it is with Duckyscript).

    So, what about a way to just get something like Duckyscript on a Teensy?

    (If it's possible, that'd be great, especially since I'd get to keep the speed of the Teensy, but have the advantage of typing about 1/3 of the coding/scripting.)

    Anyone know anything?
